From: Vojtech Pavlik Subject: Re: [RFC V4 PATCH 00/15] Signature verification of hibernate snapshot Date: Thu, 26 Sep 2013 16:56:33 +0200 Message-ID: <20130926145633.GA572@suse.cz> References: <1380147414.18835.36.camel@dabdike.int.hansenpartnership.com> <20130926002730.GA26857@amd.pavel.ucw.cz> <1380162771.18835.47.camel@dabdike.int.hansenpartnership.com> <1380206654.18835.56.camel@dabdike.int.hansenpartnership.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Cc: James Bottomley , Pavel Machek , Alan Stern , David Howells , "Lee, Chun-Yi" , linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, linux-security-module-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, linux-efi-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, linux-pm-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, linux-crypto-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, opensuse-kernel-stAJ6ESoqRxg9hUCZPvPmw@public.gmane.org, "Rafael J. Wysocki" , Matthew Garrett , Len Brown , Josh Boyer , Matt Fleming , Greg KH , Rusty Russell , Herbert Xu , "David S. Miller" , "H. Peter Anvin" , Michal Marek , Gary Lin , Vivek Goyal , "Lee, Chun-Yi" Return-path: List-Post: List-Help: List-Subscribe: List-Unsubscribe: List-Owner: List-Archive: Content-Disposition: inline In-Reply-To: List-Id: linux-crypto.vger.kernel.org On Thu, Sep 26, 2013 at 04:48:00PM +0200, Jiri Kosina wrote: > > The only two problems I see are > > > > 1. The key isn't generational (any compromise obtains it). This > > can be fixed by using a set of keys generated on each boot and > > passing in both K_{N-1} and K_N > > I think this could be easily made optional, leaving the user with choice > of faster or "safer" boot. Ideally, the key should be regenerated on each true reboot and kept the same if it is just a resume. Unfortunately, I don't see a way to distinguish those before we call ExitBootServices(). The reasoning behind that is that in the case of a kernel compromise, a suspended-and-resumed kernel will still be compromised, so there is no value in passing it a new key. A freshly booted kernel, though, should get a new key, exactly because the attacker could have obtained a key from the previous, compromised one. This speeds up the ususal suspend-and-resume cycle, but provides full security once the user performs a full reboot. The question that remains is how to tell in advance. > > 2. No external agency other than the next kernel can do the > > validation since the validating key has to be secret > > This is true, but as you said, the relevance of this seems to be rather > questionable. Indeed, it's hard to imagine a scenario that is also valid within the secure boot threat model. -- Vojtech Pavlik Director SUSE Labs