From: "Lee, Chun-Yi" <joeyli.kernel@gmail.com> To: "Rafael J . Wysocki" <rjw@rjwysocki.net>, Pavel Machek <pavel@ucw.cz> Cc: linux-kernel@vger.kernel.org, linux-pm@vger.kernel.org, keyrings@vger.kernel.org, "Lee, Chun-Yi" <jlee@suse.com>, "Rafael J. Wysocki" <rafael.j.wysocki@intel.com>, Chen Yu <yu.c.chen@intel.com>, Oliver Neukum <oneukum@suse.com>, Ryan Chen <yu.chen.surf@gmail.com>, David Howells <dhowells@redhat.com>, Giovanni Gherdovich <ggherdovich@suse.cz>, Randy Dunlap <rdunlap@infradead.org>, Jann Horn <jannh@google.com>, Andy Lutomirski <luto@kernel.org> Subject: [PATCH 4/5 v2] PM / hibernate: Erase the snapshot master key in snapshot pages Date: Thu, 03 Jan 2019 14:32:26 +0000 [thread overview] Message-ID: <20190103143227.9138-5-jlee@suse.com> (raw) In-Reply-To: <20190103143227.9138-1-jlee@suse.com> If the encryption key be guessed then the snapshot master key can also be grabbed from snapshot image. Which means that the authentication key can also be calculated. So kernel erases master key in snapshot pages. Because the master key in image kernel be erased, kernel uses the trampoline page to forward snapshot master key to image kernel. v2: - Add memory barrier after cleaning key initialized flag. Cc: "Rafael J. Wysocki" <rafael.j.wysocki@intel.com> Cc: Pavel Machek <pavel@ucw.cz> Cc: Chen Yu <yu.c.chen@intel.com> Cc: Oliver Neukum <oneukum@suse.com> Cc: Ryan Chen <yu.chen.surf@gmail.com> Cc: David Howells <dhowells@redhat.com> Cc: Giovanni Gherdovich <ggherdovich@suse.cz> Cc: Randy Dunlap <rdunlap@infradead.org> Cc: Jann Horn <jannh@google.com> Cc: Andy Lutomirski <luto@kernel.org> Signed-off-by: "Lee, Chun-Yi" <jlee@suse.com> --- kernel/power/power.h | 6 ++++ kernel/power/snapshot.c | 5 ++++ kernel/power/snapshot_key.c | 67 +++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 78 insertions(+) diff --git a/kernel/power/power.h b/kernel/power/power.h index 41263fdd3a54..d2fc73b2e200 100644 --- a/kernel/power/power.h +++ b/kernel/power/power.h @@ -36,6 +36,7 @@ struct swsusp_info { struct trampoline { bool snapshot_key_valid; int sig_verify_ret; + u8 snapshot_key[SNAPSHOT_KEY_SIZE]; } __aligned(PAGE_SIZE); #ifdef CONFIG_HIBERNATION @@ -55,6 +56,9 @@ extern int snapshot_key_init(void); extern bool snapshot_key_initialized(void); extern int snapshot_get_auth_key(u8 *auth_key, bool may_sleep); extern int snapshot_get_enc_key(u8 *enc_key, bool may_sleep); +extern void snapshot_key_page_erase(unsigned long pfn, void *buff_addr); +extern void snapshot_key_trampoline_backup(struct trampoline *t); +extern void snapshot_key_trampoline_restore(struct trampoline *t); #else static inline int snapshot_image_verify_decrypt(void) { return 0; } static inline int snapshot_prepare_crypto(bool may_sleep, bool create_iv) { return 0; } @@ -62,6 +66,8 @@ static inline void snapshot_finish_crypto(void) {} static inline int snapshot_prepare_hash(bool may_sleep) { return 0; } static inline void snapshot_finish_hash(void) {} static inline int snapshot_key_init(void) { return 0; } +static inline void snapshot_key_trampoline_backup(struct trampoline *t) {} +static inline void snapshot_key_trampoline_restore(struct trampoline *t) {} #endif /* !CONFIG_HIBERNATION_ENC_AUTH */ #ifdef CONFIG_ARCH_HIBERNATION_HEADER diff --git a/kernel/power/snapshot.c b/kernel/power/snapshot.c index cd10ab5e4850..80ed8e7c5ed8 100644 --- a/kernel/power/snapshot.c +++ b/kernel/power/snapshot.c @@ -1697,6 +1697,9 @@ __copy_data_pages(struct memory_bitmap *copy_bm, struct memory_bitmap *orig_bm) crypto_buffer = page_address(d_page); } + /* Erase key data in snapshot */ + snapshot_key_page_erase(pfn, crypto_buffer); + /* Encrypt hashed page */ encrypt_data_page(crypto_buffer); @@ -2482,6 +2485,7 @@ void snapshot_init_trampoline(void) t = (struct trampoline *)trampoline_buff; init_sig_verify(t); + snapshot_key_trampoline_backup(t); pr_info("Hibernation trampoline page prepared\n"); } @@ -2505,6 +2509,7 @@ void snapshot_restore_trampoline(void) t = (struct trampoline *)trampoline_virt; handle_sig_verify(t); + snapshot_key_trampoline_restore(t); snapshot_free_trampoline(); } diff --git a/kernel/power/snapshot_key.c b/kernel/power/snapshot_key.c index 3a569b505d8d..9d478c27d6b9 100644 --- a/kernel/power/snapshot_key.c +++ b/kernel/power/snapshot_key.c @@ -29,11 +29,27 @@ static struct snapshot_key { const char *key_name; bool initialized; unsigned int key_len; + unsigned long pfn; /* pfn of keyblob */ + unsigned long addr_offset; /* offset in page for keyblob */ u8 key[SNAPSHOT_KEY_SIZE]; + u8 fingerprint[SHA512_DIGEST_SIZE]; /* fingerprint of keyblob */ } skey = { .key_name = "swsusp-kmk", }; +static void snapshot_key_clean(void) +{ + crypto_free_shash(hash_tfm); + hash_tfm = NULL; + skey.initialized = false; + barrier(); + skey.pfn = 0; + skey.key_len = 0; + skey.addr_offset = 0; + memzero_explicit(skey.key, SNAPSHOT_KEY_SIZE); + memzero_explicit(skey.fingerprint, SHA512_DIGEST_SIZE); +} + static int calc_hash(u8 *digest, const u8 *buf, unsigned int buflen, bool may_sleep) { @@ -81,6 +97,53 @@ static int calc_key_hash(u8 *key, unsigned int key_len, const char *salt, return ret; } +static int get_key_fingerprint(u8 *fingerprint, u8 *key, unsigned int key_len, + bool may_sleep) +{ + return calc_key_hash(key, key_len, "FINGERPRINT", fingerprint, may_sleep); +} + +void snapshot_key_page_erase(unsigned long pfn, void *buff_addr) +{ + if (!skey.initialized || pfn != skey.pfn) + return; + + /* erase key data from snapshot buffer page */ + if (!memcmp(skey.key, buff_addr + skey.addr_offset, skey.key_len)) { + memzero_explicit(buff_addr + skey.addr_offset, skey.key_len); + pr_info("Erased swsusp key in snapshot pages.\n"); + } +} + +/* this function may sleeps because snapshot_key_init() */ +void snapshot_key_trampoline_backup(struct trampoline *t) +{ + if (!t || snapshot_key_init()) + return; + + memcpy(t->snapshot_key, skey.key, skey.key_len); +} + +/* Be called after snapshot image restored success */ +void snapshot_key_trampoline_restore(struct trampoline *t) +{ + u8 fingerprint[SHA512_DIGEST_SIZE]; + + if (!skey.initialized || !t) + return; + + /* check key fingerprint before restore */ + get_key_fingerprint(fingerprint, t->snapshot_key, skey.key_len, true); + if (memcmp(skey.fingerprint, fingerprint, SHA512_DIGEST_SIZE)) { + pr_warn("Restored swsusp key failed, fingerprint mismatch.\n"); + snapshot_key_clean(); + return; + } + + memcpy(skey.key, t->snapshot_key, skey.key_len); + memzero_explicit(t->snapshot_key, SNAPSHOT_KEY_SIZE); +} + /* Derive authentication/encryption key */ static int get_derived_key(u8 *derived_key, const char *derived_type_str, bool may_sleep) @@ -230,10 +293,14 @@ int snapshot_key_init(void) if (err) goto key_fail; + skey.pfn = page_to_pfn(virt_to_page(skey.key)); + skey.addr_offset = (unsigned long) skey.key & ~PAGE_MASK; + get_key_fingerprint(skey.fingerprint, skey.key, skey.key_len, true); barrier(); skey.initialized = true; pr_info("Snapshot key is initialled.\n"); + pr_debug("Fingerprint %*phN\n", SHA512_DIGEST_SIZE, skey.fingerprint); return 0; -- 2.13.6
WARNING: multiple messages have this Message-ID (diff)
From: "Lee, Chun-Yi" <joeyli.kernel@gmail.com> To: "Rafael J . Wysocki" <rjw@rjwysocki.net>, Pavel Machek <pavel@ucw.cz> Cc: linux-kernel@vger.kernel.org, linux-pm@vger.kernel.org, keyrings@vger.kernel.org, "Lee, Chun-Yi" <jlee@suse.com>, "Rafael J. Wysocki" <rafael.j.wysocki@intel.com>, Chen Yu <yu.c.chen@intel.com>, Oliver Neukum <oneukum@suse.com>, Ryan Chen <yu.chen.surf@gmail.com>, David Howells <dhowells@redhat.com>, Giovanni Gherdovich <ggherdovich@suse.cz>, Randy Dunlap <rdunlap@infradead.org>, Jann Horn <jannh@google.com>, Andy Lutomirski <luto@kernel.org> Subject: [PATCH 4/5 v2] PM / hibernate: Erase the snapshot master key in snapshot pages Date: Thu, 3 Jan 2019 22:32:26 +0800 [thread overview] Message-ID: <20190103143227.9138-5-jlee@suse.com> (raw) In-Reply-To: <20190103143227.9138-1-jlee@suse.com> If the encryption key be guessed then the snapshot master key can also be grabbed from snapshot image. Which means that the authentication key can also be calculated. So kernel erases master key in snapshot pages. Because the master key in image kernel be erased, kernel uses the trampoline page to forward snapshot master key to image kernel. v2: - Add memory barrier after cleaning key initialized flag. Cc: "Rafael J. Wysocki" <rafael.j.wysocki@intel.com> Cc: Pavel Machek <pavel@ucw.cz> Cc: Chen Yu <yu.c.chen@intel.com> Cc: Oliver Neukum <oneukum@suse.com> Cc: Ryan Chen <yu.chen.surf@gmail.com> Cc: David Howells <dhowells@redhat.com> Cc: Giovanni Gherdovich <ggherdovich@suse.cz> Cc: Randy Dunlap <rdunlap@infradead.org> Cc: Jann Horn <jannh@google.com> Cc: Andy Lutomirski <luto@kernel.org> Signed-off-by: "Lee, Chun-Yi" <jlee@suse.com> --- kernel/power/power.h | 6 ++++ kernel/power/snapshot.c | 5 ++++ kernel/power/snapshot_key.c | 67 +++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 78 insertions(+) diff --git a/kernel/power/power.h b/kernel/power/power.h index 41263fdd3a54..d2fc73b2e200 100644 --- a/kernel/power/power.h +++ b/kernel/power/power.h @@ -36,6 +36,7 @@ struct swsusp_info { struct trampoline { bool snapshot_key_valid; int sig_verify_ret; + u8 snapshot_key[SNAPSHOT_KEY_SIZE]; } __aligned(PAGE_SIZE); #ifdef CONFIG_HIBERNATION @@ -55,6 +56,9 @@ extern int snapshot_key_init(void); extern bool snapshot_key_initialized(void); extern int snapshot_get_auth_key(u8 *auth_key, bool may_sleep); extern int snapshot_get_enc_key(u8 *enc_key, bool may_sleep); +extern void snapshot_key_page_erase(unsigned long pfn, void *buff_addr); +extern void snapshot_key_trampoline_backup(struct trampoline *t); +extern void snapshot_key_trampoline_restore(struct trampoline *t); #else static inline int snapshot_image_verify_decrypt(void) { return 0; } static inline int snapshot_prepare_crypto(bool may_sleep, bool create_iv) { return 0; } @@ -62,6 +66,8 @@ static inline void snapshot_finish_crypto(void) {} static inline int snapshot_prepare_hash(bool may_sleep) { return 0; } static inline void snapshot_finish_hash(void) {} static inline int snapshot_key_init(void) { return 0; } +static inline void snapshot_key_trampoline_backup(struct trampoline *t) {} +static inline void snapshot_key_trampoline_restore(struct trampoline *t) {} #endif /* !CONFIG_HIBERNATION_ENC_AUTH */ #ifdef CONFIG_ARCH_HIBERNATION_HEADER diff --git a/kernel/power/snapshot.c b/kernel/power/snapshot.c index cd10ab5e4850..80ed8e7c5ed8 100644 --- a/kernel/power/snapshot.c +++ b/kernel/power/snapshot.c @@ -1697,6 +1697,9 @@ __copy_data_pages(struct memory_bitmap *copy_bm, struct memory_bitmap *orig_bm) crypto_buffer = page_address(d_page); } + /* Erase key data in snapshot */ + snapshot_key_page_erase(pfn, crypto_buffer); + /* Encrypt hashed page */ encrypt_data_page(crypto_buffer); @@ -2482,6 +2485,7 @@ void snapshot_init_trampoline(void) t = (struct trampoline *)trampoline_buff; init_sig_verify(t); + snapshot_key_trampoline_backup(t); pr_info("Hibernation trampoline page prepared\n"); } @@ -2505,6 +2509,7 @@ void snapshot_restore_trampoline(void) t = (struct trampoline *)trampoline_virt; handle_sig_verify(t); + snapshot_key_trampoline_restore(t); snapshot_free_trampoline(); } diff --git a/kernel/power/snapshot_key.c b/kernel/power/snapshot_key.c index 3a569b505d8d..9d478c27d6b9 100644 --- a/kernel/power/snapshot_key.c +++ b/kernel/power/snapshot_key.c @@ -29,11 +29,27 @@ static struct snapshot_key { const char *key_name; bool initialized; unsigned int key_len; + unsigned long pfn; /* pfn of keyblob */ + unsigned long addr_offset; /* offset in page for keyblob */ u8 key[SNAPSHOT_KEY_SIZE]; + u8 fingerprint[SHA512_DIGEST_SIZE]; /* fingerprint of keyblob */ } skey = { .key_name = "swsusp-kmk", }; +static void snapshot_key_clean(void) +{ + crypto_free_shash(hash_tfm); + hash_tfm = NULL; + skey.initialized = false; + barrier(); + skey.pfn = 0; + skey.key_len = 0; + skey.addr_offset = 0; + memzero_explicit(skey.key, SNAPSHOT_KEY_SIZE); + memzero_explicit(skey.fingerprint, SHA512_DIGEST_SIZE); +} + static int calc_hash(u8 *digest, const u8 *buf, unsigned int buflen, bool may_sleep) { @@ -81,6 +97,53 @@ static int calc_key_hash(u8 *key, unsigned int key_len, const char *salt, return ret; } +static int get_key_fingerprint(u8 *fingerprint, u8 *key, unsigned int key_len, + bool may_sleep) +{ + return calc_key_hash(key, key_len, "FINGERPRINT", fingerprint, may_sleep); +} + +void snapshot_key_page_erase(unsigned long pfn, void *buff_addr) +{ + if (!skey.initialized || pfn != skey.pfn) + return; + + /* erase key data from snapshot buffer page */ + if (!memcmp(skey.key, buff_addr + skey.addr_offset, skey.key_len)) { + memzero_explicit(buff_addr + skey.addr_offset, skey.key_len); + pr_info("Erased swsusp key in snapshot pages.\n"); + } +} + +/* this function may sleeps because snapshot_key_init() */ +void snapshot_key_trampoline_backup(struct trampoline *t) +{ + if (!t || snapshot_key_init()) + return; + + memcpy(t->snapshot_key, skey.key, skey.key_len); +} + +/* Be called after snapshot image restored success */ +void snapshot_key_trampoline_restore(struct trampoline *t) +{ + u8 fingerprint[SHA512_DIGEST_SIZE]; + + if (!skey.initialized || !t) + return; + + /* check key fingerprint before restore */ + get_key_fingerprint(fingerprint, t->snapshot_key, skey.key_len, true); + if (memcmp(skey.fingerprint, fingerprint, SHA512_DIGEST_SIZE)) { + pr_warn("Restored swsusp key failed, fingerprint mismatch.\n"); + snapshot_key_clean(); + return; + } + + memcpy(skey.key, t->snapshot_key, skey.key_len); + memzero_explicit(t->snapshot_key, SNAPSHOT_KEY_SIZE); +} + /* Derive authentication/encryption key */ static int get_derived_key(u8 *derived_key, const char *derived_type_str, bool may_sleep) @@ -230,10 +293,14 @@ int snapshot_key_init(void) if (err) goto key_fail; + skey.pfn = page_to_pfn(virt_to_page(skey.key)); + skey.addr_offset = (unsigned long) skey.key & ~PAGE_MASK; + get_key_fingerprint(skey.fingerprint, skey.key, skey.key_len, true); barrier(); skey.initialized = true; pr_info("Snapshot key is initialled.\n"); + pr_debug("Fingerprint %*phN\n", SHA512_DIGEST_SIZE, skey.fingerprint); return 0; -- 2.13.6
next prev parent reply other threads:[~2019-01-03 14:32 UTC|newest] Thread overview: 181+ messages / expand[flat|nested] mbox.gz Atom feed top 2019-01-03 14:32 [PATCH 0/5 v2][RFC] Encryption and authentication for hibernate snapshot image Lee, Chun-Yi 2019-01-03 14:32 ` Lee, Chun-Yi 2019-01-03 14:32 ` [PATCH 1/5 v2] PM / hibernate: Create snapshot keys handler Lee, Chun-Yi 2019-01-03 14:32 ` Lee, Chun-Yi 2019-01-06 8:01 ` Stephan Mueller 2019-01-06 8:01 ` Stephan Mueller 2019-01-06 8:25 ` Stephan Mueller 2019-01-06 8:25 ` Stephan Mueller 2019-01-07 15:33 ` joeyli 2019-01-07 15:33 ` joeyli 2019-01-07 15:52 ` Stephan Mueller 2019-01-07 15:52 ` Stephan Mueller 2019-01-08 5:03 ` Herbert Xu 2019-01-08 5:03 ` Herbert Xu 2019-01-08 7:09 ` Stephan Mueller 2019-01-08 7:09 ` Stephan Mueller 2019-01-08 23:54 ` Andy Lutomirski 2019-01-08 23:54 ` Andy Lutomirski 2019-01-09 0:44 ` James Bottomley 2019-01-09 0:44 ` James Bottomley 2019-01-09 0:44 ` James Bottomley 2019-01-09 1:43 ` Andy Lutomirski 2019-01-09 1:43 ` Andy Lutomirski 2019-01-09 6:49 ` James Bottomley 2019-01-09 6:49 ` James Bottomley 2019-01-09 18:11 ` joeyli 2019-01-09 18:11 ` joeyli 2019-01-11 15:53 ` Jarkko Sakkinen 2019-01-11 15:53 ` Jarkko Sakkinen 2019-01-09 18:34 ` Andy Lutomirski 2019-01-09 18:34 ` Andy Lutomirski 2019-01-09 19:46 ` James Bottomley 2019-01-09 19:46 ` James Bottomley 2019-01-09 20:12 ` Andy Lutomirski 2019-01-09 20:12 ` Andy Lutomirski 2019-01-09 21:43 ` James Bottomley 2019-01-09 21:43 ` James Bottomley 2019-01-09 22:19 ` Pavel Machek 2019-01-09 22:19 ` Pavel Machek 2019-01-11 16:04 ` Jarkko Sakkinen 2019-01-11 16:04 ` Jarkko Sakkinen 2019-01-11 14:02 ` Jarkko Sakkinen 2019-01-11 14:02 ` Jarkko Sakkinen 2019-01-11 15:28 ` James Bottomley 2019-01-11 15:28 ` James Bottomley 2019-01-18 14:33 ` Jarkko Sakkinen 2019-01-18 14:33 ` Jarkko Sakkinen 2019-01-18 20:59 ` James Bottomley 2019-01-18 20:59 ` James Bottomley 2019-01-20 16:02 ` Jarkko Sakkinen 2019-01-20 16:02 ` Jarkko Sakkinen 2019-01-09 6:45 ` Stephan Mueller 2019-01-09 6:45 ` Stephan Mueller 2019-01-09 6:58 ` James Bottomley 2019-01-09 6:58 ` James Bottomley 2019-01-09 7:05 ` Stephan Mueller 2019-01-09 7:05 ` Stephan Mueller 2019-01-09 8:21 ` Eric Biggers 2019-01-09 8:21 ` Eric Biggers 2019-01-09 10:17 ` Stephan Mueller 2019-01-09 10:17 ` Stephan Mueller 2019-01-09 17:34 ` Eric Biggers 2019-01-09 17:34 ` Eric Biggers 2019-01-09 18:18 ` Stephan Mueller 2019-01-09 18:18 ` Stephan Mueller 2019-01-11 19:08 ` [PATCH 0/6] General Key Derivation Function Support Stephan Müller 2019-01-11 19:08 ` Stephan Müller 2019-01-11 19:09 ` [PATCH 1/6] crypto: add template handling for RNGs Stephan Müller 2019-01-11 19:09 ` Stephan Müller 2019-01-11 19:10 ` [PATCH 2/6] crypto: kdf - SP800-108 Key Derivation Function Stephan Müller 2019-01-11 19:10 ` Stephan Müller 2019-01-12 5:27 ` Eric Biggers 2019-01-12 5:27 ` Eric Biggers 2019-01-14 9:31 ` Stephan Müller 2019-01-14 9:31 ` Stephan Müller 2019-01-11 19:10 ` [PATCH 3/6] crypto: kdf - add known answer tests Stephan Müller 2019-01-11 19:10 ` Stephan Müller 2019-01-12 5:26 ` Eric Biggers 2019-01-12 5:26 ` Eric Biggers 2019-01-14 9:26 ` Stephan Müller 2019-01-14 9:26 ` Stephan Müller 2019-01-11 19:10 ` [PATCH 4/6] crypto: hkdf - RFC5869 Key Derivation Function Stephan Müller 2019-01-11 19:10 ` Stephan Müller 2019-01-12 5:12 ` Eric Biggers 2019-01-12 5:12 ` Eric Biggers 2019-01-12 9:55 ` Herbert Xu 2019-01-12 9:55 ` Herbert Xu 2019-01-13 7:56 ` Stephan Müller 2019-01-13 7:56 ` Stephan Müller 2019-01-13 16:52 ` James Bottomley 2019-01-13 16:52 ` James Bottomley 2019-01-14 9:30 ` Stephan Müller 2019-01-14 9:30 ` Stephan Müller 2019-01-14 17:53 ` Eric Biggers 2019-01-14 17:53 ` Eric Biggers 2019-01-14 18:44 ` Stephan Mueller 2019-01-14 18:44 ` Stephan Mueller 2019-01-11 19:10 ` [PATCH 5/6] crypto: hkdf - add known answer tests Stephan Müller 2019-01-11 19:10 ` Stephan Müller 2019-01-12 5:19 ` Eric Biggers 2019-01-12 5:19 ` Eric Biggers 2019-01-14 9:25 ` Stephan Müller 2019-01-14 9:25 ` Stephan Müller 2019-01-14 17:44 ` Eric Biggers 2019-01-14 17:44 ` Eric Biggers 2019-01-11 19:11 ` [PATCH 6/6] crypto: tcrypt - add KDF test invocation Stephan Müller 2019-01-11 19:11 ` Stephan Müller 2019-01-16 11:06 ` [PATCH v2 0/6] General Key Derivation Function Support Stephan Müller 2019-01-16 11:06 ` Stephan Müller 2019-01-16 11:07 ` [PATCH v2 1/6] crypto: add template handling for RNGs Stephan Müller 2019-01-16 11:07 ` Stephan Müller 2019-01-16 11:08 ` [PATCH v2 2/6] crypto: kdf - SP800-108 Key Derivation Function Stephan Müller 2019-01-16 11:08 ` Stephan Müller 2019-01-16 11:08 ` [PATCH v2 3/6] crypto: kdf - add known answer tests Stephan Müller 2019-01-16 11:08 ` Stephan Müller 2019-01-16 11:08 ` [PATCH v2 4/6] crypto: hkdf - HMAC-based Extract-and-Expand KDF Stephan Müller 2019-01-16 11:08 ` Stephan Müller 2019-01-16 11:09 ` [PATCH v2 5/6] crypto: hkdf - add known answer tests Stephan Müller 2019-01-16 11:09 ` Stephan Müller 2019-01-16 11:09 ` [PATCH v2 6/6] crypto: tcrypt - add KDF test invocation Stephan Müller 2019-01-16 11:09 ` Stephan Müller 2019-01-28 10:07 ` [PATCH v2 0/6] General Key Derivation Function Support Stephan Mueller 2019-01-28 10:07 ` Stephan Mueller 2019-01-30 10:08 ` Herbert Xu 2019-01-30 10:08 ` Herbert Xu 2019-01-30 14:39 ` Stephan Mueller 2019-01-30 14:39 ` Stephan Mueller 2019-02-08 7:45 ` Herbert Xu 2019-02-08 7:45 ` Herbert Xu 2019-02-08 8:00 ` Stephan Mueller 2019-02-08 8:00 ` Stephan Mueller 2019-02-08 8:05 ` Herbert Xu 2019-02-08 8:05 ` Herbert Xu 2019-02-08 8:17 ` Stephan Mueller 2019-02-08 8:17 ` Stephan Mueller 2019-02-19 5:44 ` Herbert Xu 2019-02-19 5:44 ` Herbert Xu 2019-01-09 15:34 ` [PATCH 1/5 v2] PM / hibernate: Create snapshot keys handler James Bottomley 2019-01-09 15:34 ` James Bottomley 2019-01-09 6:27 ` Stephan Mueller 2019-01-09 6:27 ` Stephan Mueller 2019-01-03 14:32 ` [PATCH 2/5] PM / hibernate: Generate and verify signature for snapshot image Lee, Chun-Yi 2019-01-03 14:32 ` Lee, Chun-Yi 2019-01-06 8:09 ` Stephan Mueller 2019-01-06 8:09 ` Stephan Mueller 2019-01-07 18:58 ` Dan Carpenter 2019-01-07 18:58 ` Dan Carpenter 2019-01-03 14:32 ` [PATCH 3/5] PM / hibernate: Encrypt " Lee, Chun-Yi 2019-01-03 14:32 ` Lee, Chun-Yi 2019-01-06 8:23 ` Stephan Mueller 2019-01-06 8:23 ` Stephan Mueller 2019-01-03 14:32 ` Lee, Chun-Yi [this message] 2019-01-03 14:32 ` [PATCH 4/5 v2] PM / hibernate: Erase the snapshot master key in snapshot pages Lee, Chun-Yi 2019-01-03 14:32 ` [PATCH 5/5 v2] PM / hibernate: An option to request that snapshot image must be authenticated Lee, Chun-Yi 2019-01-03 14:32 ` Lee, Chun-Yi 2019-01-06 18:10 ` [PATCH 0/5 v2][RFC] Encryption and authentication for hibernate snapshot image Pavel Machek 2019-01-06 18:10 ` Pavel Machek 2019-01-07 17:37 ` joeyli 2019-01-07 17:37 ` joeyli 2019-01-07 18:07 ` Pavel Machek 2019-01-07 18:07 ` Pavel Machek 2019-01-08 21:41 ` Andy Lutomirski 2019-01-08 21:41 ` Andy Lutomirski 2019-01-08 23:42 ` Pavel Machek 2019-01-08 23:42 ` Pavel Machek 2019-01-09 16:39 ` joeyli 2019-01-09 16:39 ` joeyli 2019-01-09 16:47 ` Stephan Mueller 2019-01-09 16:47 ` Stephan Mueller 2019-01-11 14:29 ` joeyli 2019-01-11 14:29 ` joeyli 2019-01-09 16:51 ` joeyli 2019-01-09 16:51 ` joeyli 2019-01-09 18:47 ` Andy Lutomirski 2019-01-09 18:47 ` Andy Lutomirski 2019-01-10 15:12 ` joeyli 2019-01-10 15:12 ` joeyli 2019-01-11 1:09 ` Andy Lutomirski 2019-01-11 1:09 ` Andy Lutomirski 2019-01-11 14:59 ` joeyli 2019-01-11 14:59 ` joeyli
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20190103143227.9138-5-jlee@suse.com \ --to=joeyli.kernel@gmail.com \ --cc=dhowells@redhat.com \ --cc=ggherdovich@suse.cz \ --cc=jannh@google.com \ --cc=jlee@suse.com \ --cc=keyrings@vger.kernel.org \ --cc=linux-kernel@vger.kernel.org \ --cc=linux-pm@vger.kernel.org \ --cc=luto@kernel.org \ --cc=oneukum@suse.com \ --cc=pavel@ucw.cz \ --cc=rafael.j.wysocki@intel.com \ --cc=rdunlap@infradead.org \ --cc=rjw@rjwysocki.net \ --cc=yu.c.chen@intel.com \ --cc=yu.chen.surf@gmail.com \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.