Re: [PATCH 0/4][RFC v2] Introduce the in-kernel hibernation encryption

From: Pavel Machek
Date: Thu Aug 09 2018 - 02:53:11 EST

Next message: Eric W. Biederman: "[PATCH v5 0/6] Not restarting for due to signals."
Previous message: Takashi Iwai: "Re: [PATCH] ALSA: usb-audio: Mark expected switch fall-through"
In reply to: Yu Chen: "Re: [PATCH 0/4][RFC v2] Introduce the in-kernel hibernation encryption"
Next in thread: Oliver Neukum: "Re: [PATCH 0/4][RFC v2] Introduce the in-kernel hibernation encryption"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi!

> > Define unsafe.
> >
> > If you want security against bad people resuming your machines, please
> Yes, this is one of the requirements.

> > But I thought you were trying to do something for secure boot, and "bad
> > person resumes your machine" is out of scope there.
> >
> Not exactly, secure boot is one solution to meet the requirement.

Is it? AFAICT secure boot is something else. "Not even owner can see
kernel memory".

> > So please always explain security against _what kind of attack_ you
> > are trying to improve; intelligent communication is not possible
> > without that.
> >
> User requirement:
> A is the user, B is the attacker, user A launches a STD and
> encrypts A's ram data, then writes these encrypted data onto
> the disk, so that: Even if user B has access to the disk,
> B could not know the content of A. Which implies:
> 1. If B unplugs the disk from A's machine, and plugs the disk onto
> another machine, B could not decode the content without A's
> 'permission'.
> 2. If B is using the same machine as A, even A has walked away leaving
> the system suspend, B could not resume to A's context without
> A's 'permission'.

Ok. Let's call this "effective resume password".

> Previously, there are three proposal for this:
> a. Enhance the uswsusp(Pavel)

Actually you don't have to enhance anything. Uswsusp already provides
"effective resume password".

If you only want to ask for password on resume, RSA is needed.

> Then let's talk a little more about secure boot. According
> to my understanding, the situation secure boot tries to deal
> with is a little different from the user case we raised above -
> It is an enhancement for case 1, because it refuses to resume
> once the machine is changed. And it does not cover case 2. But
> if it is a requirement from the user, that's ok.

That does not match my understanding of secure boot.
Pavel
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html

Attachment: signature.asc
Description: Digital signature

Next message: Eric W. Biederman: "[PATCH v5 0/6] Not restarting for due to signals."
Previous message: Takashi Iwai: "Re: [PATCH] ALSA: usb-audio: Mark expected switch fall-through"
In reply to: Yu Chen: "Re: [PATCH 0/4][RFC v2] Introduce the in-kernel hibernation encryption"
Next in thread: Oliver Neukum: "Re: [PATCH 0/4][RFC v2] Introduce the in-kernel hibernation encryption"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]