All of lore.kernel.org
 help / color / mirror / Atom feed
From: Pavel Machek <pavel@ucw.cz>
To: Yu Chen <yu.c.chen@intel.com>
Cc: Ryan Chen <yu.chen.surf@gmail.com>,
	jlee@suse.com, oneukum@suse.com,
	"Rafael J. Wysocki" <rafael.j.wysocki@intel.com>,
	ebiggers@google.com, Theodore Ts'o <tytso@mit.edu>,
	smueller@chronox.de, denkenz@gmail.com,
	Linux PM list <linux-pm@vger.kernel.org>,
	linux-crypto@vger.kernel.org,
	Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
	kookoo.gu@intel.com, Zhang Rui <rui.zhang@intel.com>
Subject: Re: [PATCH 0/4][RFC v2] Introduce the in-kernel hibernation encryption
Date: Thu, 9 Aug 2018 08:53:06 +0200	[thread overview]
Message-ID: <20180809065306.GA24201@amd> (raw)
In-Reply-To: <20180809030135.GA21364@chenyu-desktop>

[-- Attachment #1: Type: text/plain, Size: 2100 bytes --]

Hi!

> > Define unsafe.
> > 
> > If you want security against bad people resuming your machines, please
> Yes, this is one of the requirements.

> > But I thought you were trying to do something for secure boot, and "bad
> > person resumes your machine" is out of scope there.
> > 
> Not exactly, secure boot is one solution to meet the requirement.

Is it? AFAICT secure boot is something else. "Not even owner can see
kernel memory".

> > So please always explain security against _what kind of attack_ you
> > are trying to improve; intelligent communication is not possible
> > without that.
> > 
> User requirement:
> A is the user, B is the attacker, user A launches a STD and
> encrypts A's ram data, then writes these encrypted data onto
> the disk,  so that: Even if user B has access to the disk,
> B could not know the content of A. Which implies:
> 1. If B unplugs the disk from A's machine, and plugs the disk onto
>    another machine, B could not decode the content without A's
>    'permission'.
> 2. If B is using the same machine as A, even A has walked away leaving
>    the system suspend, B could not resume to A's context without
>    A's 'permission'.

Ok. Let's call this "effective resume password".

> Previously, there are three proposal for this:
> a. Enhance the uswsusp(Pavel)

Actually you don't have to enhance anything. Uswsusp already provides
"effective resume password".

If you only want to ask for password on resume, RSA is needed.

> Then let's talk a little more about secure boot. According
> to my understanding, the situation secure boot tries to deal
> with is a little different from the user case we raised above -
> It is an enhancement for case 1, because it refuses to resume
> once the machine is changed. And it does not cover case 2. But
> if it is a requirement from the user, that's ok.

That does not match my understanding of secure boot.
									Pavel
-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 181 bytes --]

  reply	other threads:[~2018-08-09  6:53 UTC|newest]

Thread overview: 54+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-07-18 16:38 [PATCH 0/4][RFC v2] Introduce the in-kernel hibernation encryption Chen Yu
2018-07-18 16:39 ` [PATCH 1/4][RFC v2] PM / Hibernate: Add helper functions for " Chen Yu
2018-07-18 16:39 ` [PATCH 2/4][RFC v2] PM / hibernate: Install crypto hooks " Chen Yu
2018-07-18 16:40 ` [PATCH 4/4][RFC v2] tools: create power/crypto utility Chen Yu
2018-07-18 20:22 ` [PATCH 0/4][RFC v2] Introduce the in-kernel hibernation encryption Pavel Machek
2018-07-18 23:58   ` Yu Chen
2018-07-19 11:01     ` Pavel Machek
2018-07-19 13:20       ` Yu Chen
2018-07-20 10:25         ` Pavel Machek
2018-07-23 11:42           ` Oliver Neukum
2018-07-23 12:22             ` Pavel Machek
2018-07-23 16:38               ` Yu Chen
2018-07-23 16:38                 ` Yu Chen
2018-07-24 12:05                 ` Pavel Machek
2018-07-24 11:49               ` Oliver Neukum
2018-07-24 13:04                 ` Pavel Machek
2018-07-23 16:23             ` Yu Chen
2018-07-24 11:40               ` Oliver Neukum
2018-07-24 12:01               ` Pavel Machek
2018-07-24 12:47                 ` Oliver Neukum
2018-07-24 13:03                   ` Pavel Machek
2018-07-24 13:01                     ` Oliver Neukum
2018-07-26  7:30               ` Oliver Neukum
2018-07-26  8:14                 ` joeyli
2018-07-30 17:04                   ` joeyli
2018-08-03  3:37                     ` Yu Chen
2018-08-03  5:34                       ` joeyli
2018-08-03 13:14                         ` Ryan Chen
2018-08-03 14:05                           ` joeyli
2018-08-03 16:09                             ` Ryan Chen
2018-08-03 18:06                               ` joeyli
2018-08-05 10:02                           ` Pavel Machek
2018-08-06  8:45                             ` Yu Chen
2018-08-06 10:39                               ` joeyli
2018-08-07  7:43                                 ` Yu Chen
2018-08-07 16:27                                   ` joeyli
2018-08-08 17:58                                 ` Pavel Machek
2018-08-09  3:43                                   ` Yu Chen
2018-08-09  8:12                                     ` joeyli
2018-08-08 17:50                               ` Pavel Machek
2018-08-09  3:01                                 ` Yu Chen
2018-08-09  6:53                                   ` Pavel Machek [this message]
2018-08-09  9:03                                   ` Oliver Neukum
2018-08-09 15:55                                   ` joeyli
2018-08-06  7:57                 ` Yu Chen
2018-08-06  9:48                   ` joeyli
2018-08-06 10:07                     ` Yu Chen
2018-08-06 10:20                   ` Oliver Neukum
2018-08-07  7:38                     ` Yu Chen
2018-08-07  7:49                       ` Ryan Chen
2018-08-07 10:04                       ` Oliver Neukum
2018-07-24 14:47             ` joeyli
2018-07-19 14:58       ` joeyli
     [not found] ` <edf92acf665b928f02104bb1835fd50723ab9980.1531924968.git.yu.c.chen@intel.com>
2018-07-19  5:32   ` [PATCH 3/4][RFC v2] PM / Hibernate: Encrypt the snapshot pages before submitted to the block device Yu Chen

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20180809065306.GA24201@amd \
    --to=pavel@ucw.cz \
    --cc=denkenz@gmail.com \
    --cc=ebiggers@google.com \
    --cc=jlee@suse.com \
    --cc=kookoo.gu@intel.com \
    --cc=linux-crypto@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-pm@vger.kernel.org \
    --cc=oneukum@suse.com \
    --cc=rafael.j.wysocki@intel.com \
    --cc=rui.zhang@intel.com \
    --cc=smueller@chronox.de \
    --cc=tytso@mit.edu \
    --cc=yu.c.chen@intel.com \
    --cc=yu.chen.surf@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.