From: Matthew Garrett Subject: Re: [RFC PATCH 00/18 v3] Signature verification of hibernate snapshot Date: Sun, 1 Sep 2013 17:04:29 +0100 Message-ID: <20130901160429.GA1375@srcf.ucam.org> References: <1377169317-5959-1-git-send-email-jlee@suse.com> <87eh9dzg00.fsf@mid.deneb.enyo.de> <1377734505.19568.39.camel@linux-s257.site> <87r4d8vn71.fsf@mid.deneb.enyo.de> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Cc: joeyli , linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, linux-security-module-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, linux-efi-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, linux-pm-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, linux-crypto-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, opensuse-kernel-stAJ6ESoqRxg9hUCZPvPmw@public.gmane.org, David Howells , "Rafael J. Wysocki" , Len Brown , Pavel Machek , Josh Boyer , Vojtech Pavlik , Matt Fleming , James Bottomley , Greg KH , JKosina-IBi9RG/b67k@public.gmane.org, Rusty Russell , Herbert Xu , "David S. Miller" , "H. Peter Anvin" , Michal Marek , Gary Lin , Vivek Goyal To: Florian Weimer Return-path: Content-Disposition: inline In-Reply-To: <87r4d8vn71.fsf-ZqZwdwZz9NfTBotR3TxKnbNAH6kLmebB@public.gmane.org> Sender: linux-efi-owner-u79uwXL29TY76Z2rM5mHXA@public.gmane.org List-Id: linux-crypto.vger.kernel.org On Sun, Sep 01, 2013 at 12:41:22PM +0200, Florian Weimer wrote: > But if you don't generate fresh keys on every boot, the persistent > keys are mor exposed to other UEFI applications. Correct me if I'm > wrong, but I don't think UEFI variables are segregated between > different UEFI applications, so if anyone gets a generic UEFI variable > dumper (or setter) signed by the trusted key, this cryptographic > validation of hibernate snapshots is bypassable. If anyone can execute arbitrary code in your UEFI environment then you've already lost. -- Matthew Garrett | mjg59-1xO5oi07KQx4cg9Nei1l7Q@public.gmane.org