From: Matt Fleming
Subject: Re: [PATCH 11/18] Hibernate: introduced RSA key-pair to verify signature of snapshot
Date: Thu, 5 Sep 2013 11:31:58 +0100
Message-ID: <20130905103158.GM28598@console-pimps.org>
References: <1377169317-5959-1-git-send-email-jlee@suse.com> <1377169317-5959-12-git-send-email-jlee@suse.com> <20130905085348.GJ28598@console-pimps.org> <1378376016.6193.71.camel@linux-s257.site>
In-Reply-To: <1378376016.6193.71.camel-ONCj+Eqt86TasUa73XJKwA@public.gmane.org>
To: joeyli
Cc: linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, linux-security-module-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, linux-efi-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, linux-pm-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, linux-crypto-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, opensuse-kernel-stAJ6ESoqRxg9hUCZPvPmw@public.gmane.org, David Howells, "Rafael J. Wysocki", Matthew Garrett, Len Brown, Pavel Machek, Josh Boyer, Vojtech Pavlik, Matt Fleming, James Bottomley, Greg KH, JKosina-IBi9RG/b67k@public.gmane.org, Rusty Russell, Herbert Xu, "David S. Miller", "H. Peter Anvin", Michal Marek, Gary Lin, Vivek Goyal, Takashi Iwai
List-Id: linux-crypto.vger.kernel.org

On Thu, 05 Sep, at 06:13:36PM, joeyli wrote:
> This S4WakeKey is a VOLATILE variable that could not be modified by
> SetVariable() at runtime. So, it's read only even through efivars.
>
> Is that your concern?

No, the UEFI spec prohibits certain runtime functions from being executed concurrently on separate cpus and the spinlock used in the efivars code ensures that we adhere to that restriction. See table 31 in section 7.1 of the UEFI 2.4 spec for the list of services that are non-reentrant.

The problem isn't that we want to avoid simultaneous access to S4WakeKey, it's that we can't invoke any of the variable runtime service functions concurrently.

-- 
Matt Fleming, Intel Open Source Technology Center