Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753216AbZI3GzN (ORCPT ); Wed, 30 Sep 2009 02:55:13 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S1752843AbZI3GzM (ORCPT ); Wed, 30 Sep 2009 02:55:12 -0400 Received: from atrey.karlin.mff.cuni.cz ([195.113.26.193]:56399 "EHLO atrey.karlin.mff.cuni.cz" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752809AbZI3GzM (ORCPT ); Wed, 30 Sep 2009 02:55:12 -0400 Date: Wed, 30 Sep 2009 08:54:48 +0200 From: Pavel Machek To: "Wang, Shane" Cc: Arjan van de Ven , "H. Peter Anvin" , "Rafael J. Wysocki" , Linus Torvalds , Linux Kernel Mailing List , Ingo Molnar , Thomas Gleixner , "Cihula, Joseph" Subject: Re: [GIT PULL] x86/txt for v2.6.32 Message-ID: <20090930065448.GB11652@elf.ucw.cz> References: <200909142051.n8EKpiOM017912@terminus.zytor.com> <200909262344.21257.rjw@sisk.pl> <20090928210252.GD1960@elf.ucw.cz> <200909282307.56190.rjw@sisk.pl> <4AC1267D.6020405@zytor.com> <20090928211745.GA2119@elf.ucw.cz> <4AC1AA61.8070408@intel.com> <20090929171318.GC14405@elf.ucw.cz> <20090929191951.18315e94@infradead.org> <037F493892196B458CD3E193E8EBAD4F01ED9FE3B1@pdsmsx502.ccr.corp.intel.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <037F493892196B458CD3E193E8EBAD4F01ED9FE3B1@pdsmsx502.ccr.corp.intel.com> X-Warning: Reading this can be dangerous to your mental health. User-Agent: Mutt/1.5.18 (2008-05-17) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1299 Lines: 31 On Wed 2009-09-30 10:16:55, Wang, Shane wrote: > Arjan van de Ven wrote: > > On Tue, 29 Sep 2009 19:13:18 +0200 > > Pavel Machek wrote: > > > >> Ok, and what prevents me from commenting out the MAC checking code? > >> > > > > because the bios verified some code that verified the kernel which > > includes the MAC checking code .. as part of returning from S3 ? > > Yes, S3 sleep/resume cause another cycle to build the measured environment. > i.e. SINIT will verify tboot, tboot will verify kernel mem, kernel will verify userspace mem. > If you comment out the MAC checking code in any party, the chain will lost and S3 resume will fail. > Ok, that means that you are protecting integrity but not secrecy? Should that be written down in documentation, along with threat model? So I modify the RAM content so that BIOS does not think measured environment existed before suspend? Pavel -- (english) http://www.livejournal.com/~pavelmachek (cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/