Re: [RFC V4 PATCH 00/15] Signature verification of hibernatesnapshot

From: joeyli
Date: Thu Sep 26 2013 - 06:44:19 EST

Next message: Richard Weinberger: "Re: [PATCH 2/8] um: Do not use SUBARCH"
Previous message: Alexander Gordeev: "Re: [PATCH v2 2/6] PCI/MSI: Factor out pci_get_msi_cap() interface"
In reply to: joeyli: "Re: [RFC V4 PATCH 00/15] Signature verification of hibernatesnapshot"
Next in thread: Pavel Machek: "Re: [RFC V4 PATCH 00/15] Signature verification of hibernatesnapshot"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

æ åï2013-09-26 æ 10:19 +0800ïjoeyli æåï
> æ äï2013-09-25 æ 17:25 -0400ïAlan Stern æåï
> > On Wed, 25 Sep 2013, David Howells wrote:
> >
> > > I have pushed some keyrings patches that will likely affect this to:
> > >
> > > http://git.kernel.org/cgit/linux/kernel/git/dhowells/linux-fs.git/log/?h=keys-devel
> > >
> > > I intend to ask James to pull these into his next branch. If he's happy to do
> > > so, I can look at pulling at least your asymmetric keys patch on top of them.
> >
> > This suggests a point that I raised at the Linux Plumbers conference:
> >
> > Why are asymmetric keys used for verifying the hibernation image? It
> > seems that a symmetric key would work just as well. And it would be a
> > lot quicker to generate, because it wouldn't need any high-precision
> > integer computations.
> >
> > Alan Stern
> >
> >
>
> Per my understood, it's like add salt to snapshot when generate
> signature, then remove the salt when store the snapshot to swap. (or
> pass snapshot to userland).
>
> Let me explain the symmetric key solution base on my understand:
>
> + EFI stub kernel generate a hash value from a random seed, then store
> it to EFi boot varaible. It should protected by UEFI secure boot
> environment.
>
> + When hibernate launched:
> - Kernel create the snapshot image of memory. It's included the
> random hash value(salt) that generated in EFI stub stage.
> - Then kernel hash the snapshot image, put the hash to snapshot
> header, just like current asymmetric keys solution.
> - Kernel erase the salt in snapshot image before it go to swap or
> pass to userspace tool.
>
> + When hibernate resume:
> - Kernel or userspace tool load the snapshot(without salt) from swap
> to temporary memory space.
> - Kernel fill the salt back to snapshot image in memory, hash it.
> - Kernel compare the hash with the hash that put in snapshot header.
> - Verification done! The follow-up action as current solution.
>
> Please current me if I missed anything.
>
>
> Thanks a lot!
> Joey Lee
>

For the symmetric key solution, I will try HMAC (Hash Message
Authentication Code). It's already used in networking, hope the
performance is not too bad to a big image.

Thanks
Joey Lee

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Richard Weinberger: "Re: [PATCH 2/8] um: Do not use SUBARCH"
Previous message: Alexander Gordeev: "Re: [PATCH v2 2/6] PCI/MSI: Factor out pci_get_msi_cap() interface"
In reply to: joeyli: "Re: [RFC V4 PATCH 00/15] Signature verification of hibernatesnapshot"
Next in thread: Pavel Machek: "Re: [RFC V4 PATCH 00/15] Signature verification of hibernatesnapshot"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]