Re: [PATCH] x86/efi: pull NV+BS variables out before we exit bootservices

From: James Bottomley
Date: Wed Mar 20 2013 - 04:00:19 EST

Next message: Youquan Song: "[PATCH] perf: Fix parameter type mismatch"
Previous message: Kasatkin, Dmitry: "Re: [RFC PATCH] integrity: Use a new type for asymmetric signature"
In reply to: Matthew Garrett: "Re: [PATCH] x86/efi: pull NV+BS variables out before we exit bootservices"
Next in thread: Matthew Garrett: "Re: [PATCH] x86/efi: pull NV+BS variables out before we exit bootservices"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 2013-03-19 at 23:17 +0000, Matthew Garrett wrote:
> On Tue, Mar 19, 2013 at 11:00:31PM +0000, James Bottomley wrote:
> > On Tue, 2013-03-19 at 18:50 +0000, Matthew Garrett wrote:
> > > Well, that somewhat complicates implementation - we'd be encrypting the
> > > entire contents of memory except for the key that we're using to encrypt
> > > memory. Keeping the public key away from userspace avoids having to care
> > > about that.
> >
> > I don't quite understand what you're getting at: the principle of public
> > key cryptography is that you can make the public key, well public. You
> > only need to guard the private key.
>
> Ok, so let's just rephrase it as asymmetric cryptography. The aim is to
> ensure that there's never a situation where userspace can decrypt a
> hibernation file, modify it and reencrypt it. So, shim (or whatever)
> generates a keypair. The encryption key is passed to the kernel being
> booted. The decryption key is stashed in a variable in order to be
> passed to the resume kernel.
>
> If the decryption key is available to userspace then the kernel needs to
> discard the encryption key during image write-out - otherwise the
> encryption key will be in the encrypted image. If the decryption key
> isn't available to userspace then this isn't a concern.
>
> If the decryption key *is* available to userspace (as it would be in
> your case), there's a requirement to discard the encryption key during
> the hibernation process. This isn't impossible, but it does add a little
> to the complexity.

I agree with this. But I do think the volatile secret key scheme, where
you discard the key immediately after use is the more secure one because
it relies on fewer secrets (and, indeed, no secrets at all after the
event). It's a case where transparency encourages better security
architecture.

James

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Youquan Song: "[PATCH] perf: Fix parameter type mismatch"
Previous message: Kasatkin, Dmitry: "Re: [RFC PATCH] integrity: Use a new type for asymmetric signature"
In reply to: Matthew Garrett: "Re: [PATCH] x86/efi: pull NV+BS variables out before we exit bootservices"
Next in thread: Matthew Garrett: "Re: [PATCH] x86/efi: pull NV+BS variables out before we exit bootservices"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]