Date: Fri, 6 May 2022 18:08:08 +0200
From: Pavel Machek
To: Evan Green
Cc: linux-kernel@vger.kernel.org, Matthew Garrett, dlunev@google.com, zohar@linux.ibm.com, jejb@linux.ibm.com, linux-integrity@vger.kernel.org, corbet@lwn.net, rjw@rjwysocki.net, gwendal@chromium.org, jarkko@kernel.org, linux-pm@vger.kernel.org, David Howells, Hao Wu, James Morris, Jason Gunthorpe, Len Brown, Matthew Garrett, Peter Huewe, "Rafael J. Wysocki", "Serge E. Hallyn", axelj, keyrings@vger.kernel.org, linux-doc@vger.kernel.org, linux-security-module@vger.kernel.org
Subject: Re: [PATCH 00/10] Encrypted Hibernation
Message-ID: <20220506160807.GA1060@bug>
References: <20220504232102.469959-1-evgreen@chromium.org>
In-Reply-To: <20220504232102.469959-1-evgreen@chromium.org>

Hi!

> We are exploring enabling hibernation in some new scenarios. However,
> our security team has a few requirements, listed below:
> 1. The hibernate image must be encrypted with protection derived from
>    both the platform (eg TPM) and user authentication data (eg
>    password).
> 2. Hibernation must not be a vector by which a malicious userspace can
>    escalate to the kernel.

Can you (or your security team) explain why requirement 2. is needed?

On normal systems, trusted userspace handles kernel upgrades (for example),
so it can escalate to kernel privileges.

Best regards,
Pavel
-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html