From: Jiri Kosina Subject: Re: [RFC V4 PATCH 00/15] Signature verification of hibernate snapshot Date: Thu, 26 Sep 2013 16:48:00 +0200 (CEST) Message-ID: References: <1380147414.18835.36.camel@dabdike.int.hansenpartnership.com> <20130926002730.GA26857@amd.pavel.ucw.cz> <1380162771.18835.47.camel@dabdike.int.hansenpartnership.com> <1380206654.18835.56.camel@dabdike.int.hansenpartnership.com> Mime-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Cc: Pavel Machek , Alan Stern , David Howells , "Lee, Chun-Yi" , linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, linux-security-module-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, linux-efi-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, linux-pm-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, linux-crypto-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, opensuse-kernel-stAJ6ESoqRxg9hUCZPvPmw@public.gmane.org, "Rafael J. Wysocki" , Matthew Garrett , Len Brown , Josh Boyer , Vojtech Pavlik , Matt Fleming , Greg KH , Rusty Russell , Herbert Xu , "David S. Miller" , "H. Peter Anvin" , Michal Marek , Gary Lin , Vivek Goyal To: James Bottomley Return-path: In-Reply-To: <1380206654.18835.56.camel-sFMDBYUN5F8GjUHQrlYNx2Wm91YjaHnnhRte9Li2A+AAvxtiuMwx3w@public.gmane.org> List-Post: List-Help: List-Subscribe: List-Unsubscribe: List-Owner: List-Archive: List-Id: linux-crypto.vger.kernel.org On Thu, 26 Sep 2013, James Bottomley wrote: > > could you please describe the exact scenario you think that the symmetric > > keys aproach doesn't protect against, while the assymetric key aproach > > does? > > > > The crucial points, which I believe make the symmetric key aproach work > > (and I feel quite embarassed by the fact that I haven't realized this > > initially when coming up with the assymetric keys aproach) are: > > > > - the kernel that is performing the actual resumption is trusted in the > > secure boot model, i.e. you trust it to perform proper verification > > > > - potentially malicious userspace (which is what we are protecting against > > -- malicious root creating fake hibernation image and issuing reboot) > > doesn't have access to the symmetric key > > OK, so the scheme is to keep a symmetric key in BS that is passed into > the kernel each time (effectively a secret key) for signing and > validation? Exactly. > The only two problems I see are > > 1. The key isn't generational (any compromise obtains it). This > can be fixed by using a set of keys generated on each boot and > passing in both K_{N-1} and K_N I think this could be easily made optional, leaving the user with choice of faster or "safer" boot. > 2. No external agency other than the next kernel can do the > validation since the validating key has to be secret This is true, but as you said, the relevance of this seems to be rather questionable. -- Jiri Kosina SUSE Labs