Re: [PATCH 0/4][RFC v2] Introduce the in-kernel hibernation encryption
From: Oliver Neukum
Date: Tue Jul 24 2018 - 08:55:38 EST
On Di, 2018-07-24 at 14:01 +0200, Pavel Machek wrote:
> > > > > "There have some functions be locked-down because
> > > > > there have no appropriate mechanisms to check the
> > > > > integrity of writing data."
> > > > > https://patchwork.kernel.org/patch/10476751/
> > > >
> > > > So your goal is to make hibernation compatible with kernel
> > > > lockdown? Do your patches provide sufficient security that hibernation
> > > > can be enabled with kernel lockdown?
> > >
> > > OK, maybe I am dense, but if the key comes from user space, will that
> > > be enough?
> > >
> > Good point, we once tried to generate key in kernel, but people
> > suggest to generate key in userspace and provide it to the
> > kernel, which is what ecryptfs do currently, so it seems this
> > should also be safe for encryption in kernel.
> Safe against what kind of attack? Please describe what kind of
> security you are trying to provide.
Unsigned code must not take over the priviledge level of signed code.
1. Unsigned code must not allowed to read sensitive parts of signed
code's memory space
2. Unsigned code must not be able to alter the memory space of
signed code -> snapshots that are changed must not be able to be
> I don't think generating key in userspace is good enough for providing
> guarantees for secure-boot.