Re: [PATCH 7/9] pm: hibernate: Optionally use TPM-backed keys to protect image integrity
From: Randy Dunlap
Date: Fri Feb 19 2021 - 21:22:34 EST
Hi--
On 2/19/21 5:32 PM, Matthew Garrett wrote:
> diff --git a/kernel/power/Kconfig b/kernel/power/Kconfig
> index a7320f07689d..0279cc10f319 100644
> --- a/kernel/power/Kconfig
> +++ b/kernel/power/Kconfig
> @@ -92,6 +92,21 @@ config HIBERNATION_SNAPSHOT_DEV
>
> If in doubt, say Y.
>
> +config SECURE_HIBERNATION
> + bool "Implement secure hibernation support"
> + depends on HIBERNATION && TCG_TPM
> + select KEYS
> + select TRUSTED_KEYS
> + select CRYPTO
> + select CRYPTO_SHA256
> + select CRYPTO_AES
> + select TCG_TPM_RESTRICT_PCR
> + help
> + Use a TPM-backed key to securely determine whether a hibernation
> + image was written out by the kernel and has not been tampered with.
> + This requires a TCG-compliant TPM2 device, which is present on most
> + modern hardware.
Please follow coding-style for Kconfig files:
from Documentation/process/coding-style.rst, section 10):
For all of the Kconfig* configuration files throughout the source tree,
the indentation is somewhat different. Lines under a ``config`` definition
are indented with one tab, while help text is indented an additional two
spaces.
Also, one feature should not be responsible for enabling other "subsystems,"
such as KEYS and CRYPTO. They should instead be listed as dependencies.
--
~Randy