Re: [PATCH v2 00/10] Encrypted Hibernation

From: Pavel Machek
Date: Tue Sep 20 2022 - 04:47:16 EST

Next message: Yinbo Zhu: "[PATCH v2 1/3] MAINTAINERS: add maintainer for thermal driver for loongson2 SoCs"
Previous message: Mel Gorman: "Re: [RFC PATCH] mm: check global free_list if there is ongoing reclaiming when pcp fail"
Next in thread: Evan Green: "Re: [PATCH v2 00/10] Encrypted Hibernation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi!

> We are exploring enabling hibernation in some new scenarios. However,
> our security team has a few requirements, listed below:
> 1. The hibernate image must be encrypted with protection derived from
> both the platform (eg TPM) and user authentication data (eg
> password).
> 2. Hibernation must not be a vector by which a malicious userspace can
> escalate to the kernel.

Why is #2 reasonable requirement?

We normally allow userspace with appropriate permissions to update the
kernel, for example.

Best regards,
Pavel
--
People of Russia, stop Putin before his war on Ukraine escalates.

Attachment: signature.asc
Description: PGP signature

Next message: Yinbo Zhu: "[PATCH v2 1/3] MAINTAINERS: add maintainer for thermal driver for loongson2 SoCs"
Previous message: Mel Gorman: "Re: [RFC PATCH] mm: check global free_list if there is ongoing reclaiming when pcp fail"
Next in thread: Evan Green: "Re: [PATCH v2 00/10] Encrypted Hibernation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]