From: Matthew Garrett
Date: Tue, 2 Aug 2022 11:36:43 -0700
Subject: Re: [PATCH 00/10] Encrypted Hibernation
To: Evan Green
Cc: "Rafael J. Wysocki", Pavel Machek, LKML, Daniil Lunev, zohar@linux.ibm.com, "James E.J. Bottomley", linux-integrity@vger.kernel.org, Jonathan Corbet, "Rafael J. Wysocki", Gwendal Grignou, Jarkko Sakkinen, Linux PM, David Howells, Hao Wu, James Morris, Jason Gunthorpe, Len Brown, Peter Huewe, "Serge E. Hallyn", axelj, keyrings@vger.kernel.org, "open list:DOCUMENTATION", linux-security-module@vger.kernel.org
References: <20220504232102.469959-1-evgreen@chromium.org> <20220506160807.GA1060@bug>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, Aug 1, 2022 at 3:33 PM Evan Green wrote:

> One more bump here, as we'd really love to get encrypted hibernation
> to a form upstream would accept if at all possible. We were
> considering landing this in our Chrome OS tree for now, then coming
> back in a couple months with a "we've been baking this ourselves and
> it's going so great, oooh yeah". I'm not sure if upstream would find
> that compelling or not. But in any case, some guidance towards making
> this more upstream friendly would be well appreciated.
>
> One thing I realized in attempting to pick this myself is that the
> trusted key blob format has moved to ASN.1. So I should really move
> the creation ticket to the new ASN.1 format (if I can figure out the
> right OID for that piece), which would allow me to drop a lot of the
> ugly stuff in tpm2_unpack_blob(). Maybe if I get no other comments
> I'll work on that and resend.

I've been revamping my TPM-backed verified hibernation implementation
based on this work, so I'd definitely be enthusiastic about it being
mergeable.