linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: joeyli <jlee@suse.com>
To: Oliver Neukum <oneukum@suse.com>
Cc: Yu Chen <yu.c.chen@intel.com>, Pavel Machek <pavel@ucw.cz>,
	"Rafael J . Wysocki" <rafael.j.wysocki@intel.com>,
	Eric Biggers <ebiggers@google.com>, Theodore Ts o <tytso@mit.edu>,
	Stephan Mueller <smueller@chronox.de>,
	Denis Kenzior <denkenz@gmail.com>,
	linux-pm@vger.kernel.org, linux-crypto@vger.kernel.org,
	linux-kernel@vger.kernel.org, "Gu, Kookoo" <kookoo.gu@intel.com>,
	"Zhang, Rui" <rui.zhang@intel.com>
Subject: Re: [PATCH 0/4][RFC v2] Introduce the in-kernel hibernation encryption
Date: Thu, 26 Jul 2018 16:14:04 +0800	[thread overview]
Message-ID: <20180726081404.GG4244@linux-l9pv.suse> (raw)
In-Reply-To: <1532590246.7411.3.camel@suse.com>

On Thu, Jul 26, 2018 at 09:30:46AM +0200, Oliver Neukum wrote:
> On Di, 2018-07-24 at 00:23 +0800, Yu Chen wrote:
> > 
> > Good point, we once tried to generate key in kernel, but people
> > suggest to generate key in userspace and provide it to the
> > kernel, which is what ecryptfs do currently, so it seems this
> > should also be safe for encryption in kernel.
> > https://www.spinics.net/lists/linux-crypto/msg33145.html
> > Thus Chun-Yi's signature can use EFI key and both the key from
> > user space.
> 
> Hi,
> 
> ecryptfs can trust user space. It is supposed to keep data
> safe while the system is inoperative. The whole point of Secure
> Boot is a cryptographic system of trust that does not include
> user space.
> 
> I seriously doubt we want to use trusted computing here. So the
> key needs to be generated in kernel space and stored in a safe
> manner. As we have a saolution doing that, can we come to ausable
> synthesis?
> 
> 	Regards
> 		Oliver

Crurently there have two solutions, they are trusted key and EFI key.
Both of them are generated in kernel and are not visible in user space.

The trusted key is generated by kernel then sealed by the TPM's
SRK. So the trusted key can be stored in anywhere then be enrolled
to kernel when we need it. EVM already uses it.

The EFI key is Jiri Kosina's idea. It is stored in boot services
variable, which means that it can only be access by signed EFI binary
(e.g. signed EFI boot stub) when secure boot be enabled. SLE applied
this solution a couple of years.

I am working on put the EFI key to key retention service. Then
EFI key can be a master key of encrypted key. EVM can also use
it: 
https://github.com/joeyli/linux-s4sign/commit/bae39460393ada4c0226dd07cd5e3afcef86b71f
https://github.com/joeyli/linux-s4sign/commit/f552f97cc3cca5acd84f424b7f946ffb5fe8e9ec

That's why I want to use key retention service in hibernation
encryption/authentication. Which means that we can use key
API to access trusted key and EFI key.  

Thanks
Joey Lee

  reply	other threads:[~2018-07-26  8:14 UTC|newest]

Thread overview: 53+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-07-18 16:38 [PATCH 0/4][RFC v2] Introduce the in-kernel hibernation encryption Chen Yu
2018-07-18 16:39 ` [PATCH 1/4][RFC v2] PM / Hibernate: Add helper functions for " Chen Yu
2018-07-18 16:39 ` [PATCH 2/4][RFC v2] PM / hibernate: Install crypto hooks " Chen Yu
2018-07-18 16:40 ` [PATCH 4/4][RFC v2] tools: create power/crypto utility Chen Yu
2018-07-18 20:22 ` [PATCH 0/4][RFC v2] Introduce the in-kernel hibernation encryption Pavel Machek
2018-07-18 23:58   ` Yu Chen
2018-07-19 11:01     ` Pavel Machek
2018-07-19 13:20       ` Yu Chen
2018-07-20 10:25         ` Pavel Machek
2018-07-23 11:42           ` Oliver Neukum
2018-07-23 12:22             ` Pavel Machek
2018-07-23 16:38               ` Yu Chen
2018-07-24 12:05                 ` Pavel Machek
2018-07-24 11:49               ` Oliver Neukum
2018-07-24 13:04                 ` Pavel Machek
2018-07-23 16:23             ` Yu Chen
2018-07-24 11:40               ` Oliver Neukum
2018-07-24 12:01               ` Pavel Machek
2018-07-24 12:47                 ` Oliver Neukum
2018-07-24 13:03                   ` Pavel Machek
2018-07-24 13:01                     ` Oliver Neukum
2018-07-26  7:30               ` Oliver Neukum
2018-07-26  8:14                 ` joeyli [this message]
2018-07-30 17:04                   ` joeyli
2018-08-03  3:37                     ` Yu Chen
2018-08-03  5:34                       ` joeyli
2018-08-03 13:14                         ` Ryan Chen
2018-08-03 14:05                           ` joeyli
2018-08-03 16:09                             ` Ryan Chen
2018-08-03 18:06                               ` joeyli
2018-08-05 10:02                           ` Pavel Machek
2018-08-06  8:45                             ` Yu Chen
2018-08-06 10:39                               ` joeyli
2018-08-07  7:43                                 ` Yu Chen
2018-08-07 16:27                                   ` joeyli
2018-08-08 17:58                                 ` Pavel Machek
2018-08-09  3:43                                   ` Yu Chen
2018-08-09  8:12                                     ` joeyli
2018-08-08 17:50                               ` Pavel Machek
2018-08-09  3:01                                 ` Yu Chen
2018-08-09  6:53                                   ` Pavel Machek
2018-08-09  9:03                                   ` Oliver Neukum
2018-08-09 15:55                                   ` joeyli
2018-08-06  7:57                 ` Yu Chen
2018-08-06  9:48                   ` joeyli
2018-08-06 10:07                     ` Yu Chen
2018-08-06 10:20                   ` Oliver Neukum
2018-08-07  7:38                     ` Yu Chen
2018-08-07  7:49                       ` Ryan Chen
2018-08-07 10:04                       ` Oliver Neukum
2018-07-24 14:47             ` joeyli
2018-07-19 14:58       ` joeyli
     [not found] ` <edf92acf665b928f02104bb1835fd50723ab9980.1531924968.git.yu.c.chen@intel.com>
2018-07-19  5:32   ` [PATCH 3/4][RFC v2] PM / Hibernate: Encrypt the snapshot pages before submitted to the block device Yu Chen

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20180726081404.GG4244@linux-l9pv.suse \
    --to=jlee@suse.com \
    --cc=denkenz@gmail.com \
    --cc=ebiggers@google.com \
    --cc=kookoo.gu@intel.com \
    --cc=linux-crypto@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-pm@vger.kernel.org \
    --cc=oneukum@suse.com \
    --cc=pavel@ucw.cz \
    --cc=rafael.j.wysocki@intel.com \
    --cc=rui.zhang@intel.com \
    --cc=smueller@chronox.de \
    --cc=tytso@mit.edu \
    --cc=yu.c.chen@intel.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).