Re: [PATCH v2 06/10] PM: hibernate: Add kernel-based encryption
From: Kees Cook
Date: Tue Sep 20 2022 - 19:10:09 EST
On Tue, Aug 23, 2022 at 03:25:22PM -0700, Evan Green wrote:
> Enabling the kernel to be able to do encryption and integrity checks on
> the hibernate image prevents a malicious userspace from escalating to
> kernel execution via hibernation resume. As a first step toward this, add
> the scaffolding needed for the kernel to do AEAD encryption on the
> hibernate image, giving us both secrecy and integrity.
I'd love Eric to take a look at this, just to make sure the crypto API
is being used correctly here. :)
--
Kees Cook