From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755415AbdDFUJz (ORCPT ); Thu, 6 Apr 2017 16:09:55 -0400 Received: from mail-oi0-f68.google.com ([209.85.218.68]:36019 "EHLO mail-oi0-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751180AbdDFUJs (ORCPT ); Thu, 6 Apr 2017 16:09:48 -0400 MIME-Version: 1.0 In-Reply-To: <14980.1491468060@warthog.procyon.org.uk> References: <149142326734.5101.4596394505987813763.stgit@warthog.procyon.org.uk> <149142336965.5101.2946578135980499557.stgit@warthog.procyon.org.uk> <1491460792.1645.1.camel@suse.com> <14980.1491468060@warthog.procyon.org.uk> From: "Rafael J. Wysocki" Date: Thu, 6 Apr 2017 22:09:47 +0200 X-Google-Sender-Auth: ML05waXduufVCwXqb6Gsz-bD2fM Message-ID: Subject: Re: [PATCH 11/24] uswsusp: Disable when the kernel is locked down To: David Howells Cc: Oliver Neukum , "Rafael J. Wysocki" , Linux Kernel Mailing List , Matthew Garrett , linux-efi@vger.kernel.org, gnomes@lxorguk.ukuu.org.uk, Greg Kroah-Hartman , Linux PM , linux-security-module@vger.kernel.org, keyrings@vger.kernel.org, matthew.garrett@nebula.com Content-Type: text/plain; charset=UTF-8 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Apr 6, 2017 at 10:41 AM, David Howells wrote: > Oliver Neukum wrote: > >> Your swap partition may be located on an NVDIMM or be encrypted. > > An NVDIMM should be considered the same as any other persistent storage. > > It may be encrypted, but where's the key stored, how easy is it to retrieve > and does the swapout code know this? > >> Isn't this a bit overly drastic? > > Perhaps, but if it's on disk and it's not encrypted, then maybe not. Right. Swap encryption is not mandatory and I'm not sure how the hibernate code can verify whether or not it is in use. Thanks, Rafael From mboxrd@z Thu Jan 1 00:00:00 1970 From: "Rafael J. Wysocki" Subject: Re: [PATCH 11/24] uswsusp: Disable when the kernel is locked down Date: Thu, 6 Apr 2017 22:09:47 +0200 Message-ID: References: <149142326734.5101.4596394505987813763.stgit@warthog.procyon.org.uk> <149142336965.5101.2946578135980499557.stgit@warthog.procyon.org.uk> <1491460792.1645.1.camel@suse.com> <14980.1491468060@warthog.procyon.org.uk> Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Return-path: In-Reply-To: <14980.1491468060-S6HVgzuS8uM4Awkfq6JHfwNdhmdF6hFW@public.gmane.org> Sender: linux-efi-owner-u79uwXL29TY76Z2rM5mHXA@public.gmane.org To: David Howells Cc: Oliver Neukum , "Rafael J. Wysocki" , Linux Kernel Mailing List , Matthew Garrett , linux-efi-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, gnomes-qBU/x9rampVanCEyBjwyrvXRex20P6io@public.gmane.org, Greg Kroah-Hartman , Linux PM , linux-security-module-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, keyrings-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, matthew.garrett-05XSO3Yj/JvQT0dZR+AlfA@public.gmane.org List-Id: linux-efi@vger.kernel.org On Thu, Apr 6, 2017 at 10:41 AM, David Howells wrote: > Oliver Neukum wrote: > >> Your swap partition may be located on an NVDIMM or be encrypted. > > An NVDIMM should be considered the same as any other persistent storage. > > It may be encrypted, but where's the key stored, how easy is it to retrieve > and does the swapout code know this? > >> Isn't this a bit overly drastic? > > Perhaps, but if it's on disk and it's not encrypted, then maybe not. Right. Swap encryption is not mandatory and I'm not sure how the hibernate code can verify whether or not it is in use. Thanks, Rafael From mboxrd@z Thu Jan 1 00:00:00 1970 From: rafael@kernel.org (Rafael J. Wysocki) Date: Thu, 6 Apr 2017 22:09:47 +0200 Subject: [PATCH 11/24] uswsusp: Disable when the kernel is locked down In-Reply-To: <14980.1491468060@warthog.procyon.org.uk> References: <149142326734.5101.4596394505987813763.stgit@warthog.procyon.org.uk> <149142336965.5101.2946578135980499557.stgit@warthog.procyon.org.uk> <1491460792.1645.1.camel@suse.com> <14980.1491468060@warthog.procyon.org.uk> Message-ID: To: linux-security-module@vger.kernel.org List-Id: linux-security-module.vger.kernel.org On Thu, Apr 6, 2017 at 10:41 AM, David Howells wrote: > Oliver Neukum wrote: > >> Your swap partition may be located on an NVDIMM or be encrypted. > > An NVDIMM should be considered the same as any other persistent storage. > > It may be encrypted, but where's the key stored, how easy is it to retrieve > and does the swapout code know this? > >> Isn't this a bit overly drastic? > > Perhaps, but if it's on disk and it's not encrypted, then maybe not. Right. Swap encryption is not mandatory and I'm not sure how the hibernate code can verify whether or not it is in use. Thanks, Rafael -- To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to majordomo at vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html