Re: [RFC PATCH 4/8] x86/power: Restore Key Locker internal key from the ACPI S3/4 sleep states

[Eric Biggers]

On Wed, Dec 16, 2020 at 09:41:42AM -0800, Chang S. Bae wrote:
> When the system state switches to these sleep states, the internal key gets
> reset. Since this system transition is transparent to userspace, the
> internal key needs to be restored properly.
> 
> Key Locker provides a mechanism to back up the internal key in non-volatile
> memory. The kernel requests a backup right after the key loaded at
> boot-time and copies it later when the system wakes up.
> 
> The backup during the S5 sleep state is not trusted. It is overwritten by a
> new key at the next boot.
> 
> On a system with the S3/4 states, enable the feature only when the backup
> mechanism is supported.
> 
> Disable the feature when the copy fails (or the backup corrupts). The
> shutdown is considered too noisy. A new key is considerable only when
> threads can be synchronously suspended.

Can this backup key be used to decrypt the encoded AES keys without executing
the keylocker instructions on the same CPU?

- Eric