Re: [PATCH] x86/efi: pull NV+BS variables out before we exit bootservices
From: James Bottomley
Date: Tue Mar 19 2013 - 14:41:07 EST
On Tue, 2013-03-19 at 18:28 +0000, Matthew Garrett wrote:
> On Tue, Mar 19, 2013 at 06:23:31PM +0000, James Bottomley wrote:
> > The scheme we discussed, unless something radically changed, was to
> > convey a temporary key pair via a mechanism to later verify the
> > hybernate kernel on a resume. That only requires reboot safe knowledge
> > of the public key. The private key can be conveyed in BS only (not NV),
> > and should be consumed (as in deleted) by the OS when it receives it, so
> > it wouldn't be exposed by this patch.
> It requires the key to survive the system being entirely powered down,
> which means it needs to be BS+NV. It shouldn't be possible for userspace
> to access this key.
It requires the *public* key to survive power down, certainly. The
private key can be thrown away once the hibernate image is signed. I
think the scheme can be constructed so the private key is never in NV
storage ... that also makes it more secure against tampering.
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/