Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp3869274imu; Mon, 7 Jan 2019 10:58:08 -0800 (PST) X-Google-Smtp-Source: ALg8bN7NhbgIvW6b6WBf6xaYT3yKOoIMYckZ8Ojq/PpWcQlCsyX2mhrHqji0BMfk5TXd9RdgNhiq X-Received: by 2002:a63:b0a:: with SMTP id 10mr11981029pgl.423.1546887488286; Mon, 07 Jan 2019 10:58:08 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1546887488; cv=none; d=google.com; s=arc-20160816; b=w0yn3djzsehJHJhmtgQGon7ywdn6wnXMMnHtG1Cwsr/VMSLlcDNSb/SSPMwf9Ddz2O /DVCzLEG2VdX0aNQLH811L9RvT4htCmNv+qEho5cfptgkbDghwWsg73ZvYoxKcThHklz Sww3jWiufaGmqr6/hXOJVzj90Z6APgmmqqYkgb2hC5J4XKafpZsgWDHede9rx5RD9+eQ +UVxSdsqV3+VjdgBTV5pSy36RyNVT+ue5jPWUstBw3aMg40gCSR85R3shKfbw+pwjqDc elYAox/9C+NJ2j18qvh2Eccuidb+a8IbLAiohYVVlApuVYJVRMBO83V9z4vLblckSrwk uAKQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=NfOzSRaCO46YvFnv8vW+K+7IXxvainRtBrHzG70Lev4=; b=F4fF4dgPSSHYAglynY/oZg7kMu1cZgZso8Wu7/ScBLI5Y+UZRzA5gZq4nKpS8BzDxr +dfJkrb45SSR96s2e8/cOQprBncjSJh6P5GtN07xe+7Ep7vAb0jRcRmTcCqB03HlKYcF wYn3jKdNP+s1mMH5ItMtdRdSQ9Sb91jOonx12PhaybQNrqFJKKHflv/lPPh7ypE3SKgf 8vOtkBoeqVVwrN5suwP6mP0imNaqivNxMUOQSBN+2RQp5ZcZz29pwIaY180fJ2GujLgt PLAuZht/x/gyJMihLUZUyfqQgdfOX6O9KSaLh2U6TR/j2ZRUVbKUknUg69wz3TcNylaQ JqYg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id m11si6179183plt.26.2019.01.07.10.57.52; Mon, 07 Jan 2019 10:58:08 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728181AbfAGSHG (ORCPT + 99 others); Mon, 7 Jan 2019 13:07:06 -0500 Received: from atrey.karlin.mff.cuni.cz ([195.113.26.193]:48009 "EHLO atrey.karlin.mff.cuni.cz" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727210AbfAGSHG (ORCPT ); Mon, 7 Jan 2019 13:07:06 -0500 Received: by atrey.karlin.mff.cuni.cz (Postfix, from userid 512) id 131D2808D5; Mon, 7 Jan 2019 19:06:58 +0100 (CET) Date: Mon, 7 Jan 2019 19:07:03 +0100 From: Pavel Machek To: joeyli Cc: "Lee, Chun-Yi" , "Rafael J . Wysocki" , linux-kernel@vger.kernel.org, linux-pm@vger.kernel.org, keyrings@vger.kernel.org, "Rafael J. Wysocki" , Chen Yu , Oliver Neukum , Ryan Chen , David Howells , Giovanni Gherdovich , Randy Dunlap , Jann Horn , Andy Lutomirski Subject: Re: [PATCH 0/5 v2][RFC] Encryption and authentication for hibernate snapshot image Message-ID: <20190107180703.GE933@amd> References: <20190103143227.9138-1-jlee@suse.com> <20190106181026.GA15256@amd> <20190107173743.GC4210@linux-l9pv.suse> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="4Epv4kl9IRBfg3rk" Content-Disposition: inline In-Reply-To: <20190107173743.GC4210@linux-l9pv.suse> User-Agent: Mutt/1.5.23 (2014-03-12) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org --4Epv4kl9IRBfg3rk Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hi! > Thanks for your review! >=20 > > > The hibernate function can be used to snapshot memory pages to an ima= ge, > > > then kernel restores the image to memory space in a appropriate time. > > > There have secrets in snapshot image and cracker may modifies it for > > > hacking system. Encryption and authentication of snapshot image can p= rotect > > > the system. > > >=20 > > > Hibernate function requests the master key through key retention serv= ice. > > > The snapshot master key can be a trusted key or a user defined key. T= he > > > name of snapshot master key is fixed to "swsusp-kmk". User should loa= ds > > > swsusp-kmk to kernel by keyctl tool before the hibernation resume. > > > e.g. The swsusp-kmk must be loaded before systemd-hibernate-resume > >=20 > > But if userspace has a key, encryption is useless against root. > > >=20 > Yes, but this concern is not only for hibernation encryption. This patch > set does not provide solution against this concern. So, can we postpone these patches until we have a solution secure against root users? > My security goals: >=20 > - Encrypt and authicate hibernate snapshot image in kernel space. Userspa= ce > can only touch an encrypted and signed snapshot image. >=20 > - The code of encryption are in kernel. They will be signed and verify wi= th > kernel binary when secure boot enabled. It's better than using > unauthenticated userspace code at runtime. These are not goals. I'd like to understand why you want to put it into kernel in the first place. Pavel --=20 (english) http://www.livejournal.com/~pavelmachek (cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blo= g.html --4Epv4kl9IRBfg3rk Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iEYEARECAAYFAlwzlUcACgkQMOfwapXb+vK4kgCfVB1Z62JFyX7Bq7sSXrFTCqN8 rT0AoKyLzzIy+PWQLFi2lG7Z/J1iUq3L =H3zH -----END PGP SIGNATURE----- --4Epv4kl9IRBfg3rk--