From: joeyli <jlee@suse.com>
To: Randy Dunlap <rdunlap@infradead.org>
Cc: "Lee, Chun-Yi" <joeyli.kernel@gmail.com>,
"Rafael J . Wysocki" <rjw@rjwysocki.net>,
Pavel Machek <pavel@ucw.cz>,
linux-kernel@vger.kernel.org, linux-pm@vger.kernel.org,
"Rafael J. Wysocki" <rafael.j.wysocki@intel.com>,
Chen Yu <yu.c.chen@intel.com>, Oliver Neukum <oneukum@suse.com>,
Ryan Chen <yu.chen.surf@gmail.com>,
David Howells <dhowells@redhat.com>,
Giovanni Gherdovich <ggherdovich@suse.cz>
Subject: Re: [PATCH 5/5] PM / hibernate: An option to request that snapshot image must be authenticated
Date: Thu, 13 Sep 2018 16:37:09 +0800 [thread overview]
Message-ID: <20180913083709.GD3593@linux-l9pv.suse> (raw)
In-Reply-To: <0ee402c0-bd0e-ea84-9def-f6355b83b4f5@infradead.org>
Hi Randy,
On Wed, Sep 12, 2018 at 09:24:38AM -0700, Randy Dunlap wrote:
> Hi,
>
> On 9/12/18 7:23 AM, Lee, Chun-Yi wrote:
> > diff --git a/kernel/power/Kconfig b/kernel/power/Kconfig
> > index 7c5c30149dbc..3c998fd6dc4c 100644
> > --- a/kernel/power/Kconfig
> > +++ b/kernel/power/Kconfig
> > @@ -90,6 +90,17 @@ config HIBERNATION_ENC_AUTH
> > master key of hibernation. The TPM trusted key depends on TPM. The
> > security of user defined key relies on user space.
> >
> > +config HIBERNATION_ENC_AUTH_FORCE
> > + bool "Require hibernate snapshot image to be validly signed"
> > + depends on HIBERNATION_ENC_AUTH
> > + help
> > + This option will prevent that a snapshot image without (valid)
> > + signature be restored. Without this option, a unauthenticated
>
> an
>
> > + snapshot image can be restored but the restored kernel will be
> > + tainted. Which also means that the hibernation can be triggered
>
> s/Which/This/
>
> or like this:
> tainted, which also
>
Thanks for your review and suggestion! I will update the description in
next version.
Regards
Joey Lee
prev parent reply other threads:[~2018-09-13 8:37 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-09-12 14:23 [PATCH 0/5][RFC] Encryption and authentication for hibernate snapshot image Lee, Chun-Yi
2018-09-12 14:23 ` [PATCH 1/5] PM / hibernate: Create snapshot keys handler Lee, Chun-Yi
2018-09-12 16:27 ` Randy Dunlap
2018-09-13 8:39 ` joeyli
2018-09-13 13:58 ` Yu Chen
2018-10-01 10:47 ` joeyli
2018-09-13 14:31 ` Jann Horn
2018-09-13 14:31 ` Jann Horn
2018-10-02 7:54 ` joeyli
2018-10-02 7:54 ` joeyli
2018-10-02 19:36 ` Jann Horn
2018-10-02 19:36 ` Jann Horn
2018-10-03 22:08 ` Andy Lutomirski
2018-10-03 22:08 ` Andy Lutomirski
2018-10-08 13:29 ` joeyli
2018-10-08 13:29 ` joeyli
2018-10-08 13:29 ` joeyli
2018-10-04 4:02 ` Mimi Zohar
2018-10-04 4:02 ` Mimi Zohar
2018-09-14 5:52 ` kbuild test robot
2018-09-12 14:23 ` [PATCH 2/5] PM / hibernate: Generate and verify signature for snapshot image Lee, Chun-Yi
2018-09-12 14:23 ` [PATCH 3/5] PM / hibernate: Encrypt " Lee, Chun-Yi
2018-09-12 14:23 ` [PATCH 4/5] PM / hibernate: Erase the snapshot master key in snapshot pages Lee, Chun-Yi
2018-09-12 14:23 ` [PATCH 5/5] PM / hibernate: An option to request that snapshot image must be authenticated Lee, Chun-Yi
2018-09-12 16:24 ` Randy Dunlap
2018-09-13 8:37 ` joeyli [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180913083709.GD3593@linux-l9pv.suse \
--to=jlee@suse.com \
--cc=dhowells@redhat.com \
--cc=ggherdovich@suse.cz \
--cc=joeyli.kernel@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-pm@vger.kernel.org \
--cc=oneukum@suse.com \
--cc=pavel@ucw.cz \
--cc=rafael.j.wysocki@intel.com \
--cc=rdunlap@infradead.org \
--cc=rjw@rjwysocki.net \
--cc=yu.c.chen@intel.com \
--cc=yu.chen.surf@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.