Date: Tue, 20 Sep 2022 10:46:48 +0200
From: Pavel Machek
To: Evan Green
Cc: linux-kernel@vger.kernel.org, gwendal@chromium.org, Eric Biggers, Matthew Garrett, jarkko@kernel.org, zohar@linux.ibm.com, linux-integrity@vger.kernel.org, apronin@chromium.org, dlunev@google.com, rjw@rjwysocki.net, linux-pm@vger.kernel.org, corbet@lwn.net, jejb@linux.ibm.com, David Howells, Hao Wu, James Morris, Jason Gunthorpe, Len Brown, Matthew Garrett, Paul Moore, Peter Huewe, "Rafael J. Wysocki", "Serge E. Hallyn", axelj, keyrings@vger.kernel.org, linux-doc@vger.kernel.org, linux-security-module@vger.kernel.org
Subject: Re: [PATCH v2 00/10] Encrypted Hibernation
Message-ID: <20220920084648.GA17087@duo.ucw.cz>
References: <20220823222526.1524851-1-evgreen@chromium.org>
In-Reply-To: <20220823222526.1524851-1-evgreen@chromium.org>

Hi!

> We are exploring enabling hibernation in some new scenarios. However,
> our security team has a few requirements, listed below:
> 1. The hibernate image must be encrypted with protection derived from
>    both the platform (eg TPM) and user authentication data (eg
>    password).
> 2. Hibernation must not be a vector by which a malicious userspace can
>    escalate to the kernel.

Why is #2 a reasonable requirement? We normally allow userspace with
appropriate permissions to update the kernel, for example.

Best regards,
Pavel
-- 
People of Russia, stop Putin before his war on Ukraine escalates.