Re: [PATCH v2 06/10] PM: hibernate: Add kernel-based encryption

From: Kees Cook
Date: Tue Sep 20 2022 - 19:10:09 EST

Next message: Nadav Amit: "Re: [PATCH] x86/alternative: fix race in try_get_desc()"
Previous message: Kees Cook: "Re: [PATCH v2 05/10] security: keys: trusted: Verify creation data"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Aug 23, 2022 at 03:25:22PM -0700, Evan Green wrote:
> Enabling the kernel to be able to do encryption and integrity checks on
> the hibernate image prevents a malicious userspace from escalating to
> kernel execution via hibernation resume. As a first step toward this, add
> the scaffolding needed for the kernel to do AEAD encryption on the
> hibernate image, giving us both secrecy and integrity.

I'd love Eric to take a look at this, just to make sure the crypto API
is being used correctly here. :)

--
Kees Cook

Next message: Nadav Amit: "Re: [PATCH] x86/alternative: fix race in try_get_desc()"
Previous message: Kees Cook: "Re: [PATCH v2 05/10] security: keys: trusted: Verify creation data"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]