Date: Tue, 20 Sep 2022 10:46:48 +0200
From: Pavel Machek
To: Evan Green
Cc: linux-kernel@vger.kernel.org, gwendal@chromium.org, Eric Biggers, Matthew Garrett, jarkko@kernel.org, zohar@linux.ibm.com, linux-integrity@vger.kernel.org, apronin@chromium.org, dlunev@google.com, rjw@rjwysocki.net, linux-pm@vger.kernel.org, corbet@lwn.net, jejb@linux.ibm.com, David Howells, Hao Wu, James Morris, Jason Gunthorpe, Len Brown, Matthew Garrett, Paul Moore, Peter Huewe, "Rafael J. Wysocki", "Serge E. Hallyn", axelj, keyrings@vger.kernel.org, linux-doc@vger.kernel.org, linux-security-module@vger.kernel.org
Subject: Re: [PATCH v2 00/10] Encrypted Hibernation
Message-ID: <20220920084648.GA17087@duo.ucw.cz>
In-Reply-To: <20220823222526.1524851-1-evgreen@chromium.org>

Hi!

> We are exploring enabling hibernation in some new scenarios. However,
> our security team has a few requirements, listed below:
> 1. The hibernate image must be encrypted with protection derived from
>    both the platform (eg TPM) and user authentication data (eg
>    password).
> 2. Hibernation must not be a vector by which a malicious userspace can
>    escalate to the kernel.

Why is #2 a reasonable requirement? We normally allow userspace with
appropriate permissions to update the kernel, for example.

Best regards,
								Pavel
--
People of Russia, stop Putin before his war on Ukraine escalates.