Re: [RFC V4 PATCH 00/15] Signature verification of hibernate snapshot

[Vojtech Pavlik]

On Thu, Sep 26, 2013 at 02:06:21PM +0200, Pavel Machek wrote:

> > For the symmetric key solution, I will try HMAC (Hash Message
> > Authentication Code). It's already used in networking, hope the
> > performance is not too bad to a big image.
> 
> Kernel already supports crc32 of the hibernation image, you may want
> to take a look how that is done.
> 
> Maybe you want to replace crc32 with cryptographics hash (sha1?) and
> then use only hash for more crypto? That way speed of whatever crypto
> you do should not be an issue.

Well, yes, one could skip the CRC when the signing is enabled to gain a
little speedup.

> Actually...
> 
> Is not it as simple as storing hash of hibernation image into NVRAM
> and then verifying the hash matches the value in NVRAM on next
> startup? No encryption needed. 

First, there is no encryption going on. Only doing a HMAC (digest (hash)
using a key) of the image.

Second, since NVRAM is accessible through efivarsfs, storing the hash in
NVRAM wouldn't prevent an attacker from modifying the hash to match a
modified image.

There is a reason why the key for the HMAC is stored in the NVRAM in a
BootServices variable that isn't accessible from the OS and is
write-protected on hardware level from the OS.

> And that may even be useful for non-secure-boot people, as it ensures
> you boot right image after resume, boot it just once, etc...

The HMAC approach isn't much more complicated, and it gives you all
these benefits even with secure boot disabled.

-- 
Vojtech Pavlik
Director SUSE Labs
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/