Linux cryptographic layer development
 help / color / mirror / Atom feed
* Re: [RFC PATCH 00/18 v3] Signature verification of hibernate snapshot
From: joeyli @ 2013-08-29  0:01 UTC (permalink / raw)
  To: Florian Weimer
  Cc: linux-kernel, linux-security-module, linux-efi, linux-pm,
	linux-crypto, opensuse-kernel, David Howells, Rafael J. Wysocki,
	Matthew Garrett, Len Brown, Pavel Machek, Josh Boyer,
	Vojtech Pavlik, Matt Fleming, James Bottomley, Greg KH, JKosina,
	Rusty Russell, Herbert Xu, David S. Miller, H. Peter Anvin,
	Michal Marek, Gary Lin, Vivek Goyal
In-Reply-To: <87eh9dzg00.fsf@mid.deneb.enyo.de>

Hi Florian, 

Thanks for your response.

於 三,2013-08-28 於 23:01 +0200,Florian Weimer 提到:
> * Chun-Yi Lee:
> 
> >  + EFI bootloader must generate RSA key-pair when system boot:

I should add more information on this sentence for mention need GenS4Key
runtime variable then re-generate key-pair.

Thanks!

> >    - Bootloader store the public key to EFI boottime variable by itself
> >    - Bootloader put The private key to S4SignKey EFI variable for forward to
> >      kernel.
> 
> Is the UEFI NVRAM really suited for such regular updates?
> 

Yes, Matthew raised this concern at before. I modified patch to load
private key in efi stub kernel, before ExitBootServices(), that means we
don't need generate key-pair at every system boot. So, the above
procedure of efi bootloader will only run one time. 

User can enable SNAPSHOT_REGEN_KEYS kernel config to notify efi
booloader regenerate key-pair for every S4 to improve security if he
want. So, the key-pair re-generate procedure will only launched when S4
resume, not every system boot.


Thanks a lot!
Joey Lee

^ permalink raw reply

* Re: [RFC PATCH 00/18 v3] Signature verification of hibernate snapshot
From: joeyli @ 2013-08-29  0:01 UTC (permalink / raw)
  To: Florian Weimer
  Cc: linux-kernel, linux-security-module, linux-efi, linux-pm,
	linux-crypto, opensuse-kernel, David Howells, Rafael J. Wysocki,
	Matthew Garrett, Len Brown, Pavel Machek, Josh Boyer,
	Vojtech Pavlik, Matt Fleming, James Bottomley, Greg KH, JKosina,
	Rusty Russell, Herbert Xu, David S. Miller, H. Peter Anvin,
	Michal Marek, Gary Lin, Vivek Goyal
In-Reply-To: <87eh9dzg00.fsf@mid.deneb.enyo.de>

Hi Florian, 

Thanks for your response.

於 三,2013-08-28 於 23:01 +0200,Florian Weimer 提到:
> * Chun-Yi Lee:
> 
> >  + EFI bootloader must generate RSA key-pair when system boot:

I should add more information on this sentence for mention need GenS4Key
runtime variable then re-generate key-pair.

Thanks!

> >    - Bootloader store the public key to EFI boottime variable by itself
> >    - Bootloader put The private key to S4SignKey EFI variable for forward to
> >      kernel.
> 
> Is the UEFI NVRAM really suited for such regular updates?
> 

Yes, Matthew raised this concern at before. I modified patch to load
private key in efi stub kernel, before ExitBootServices(), that means we
don't need generate key-pair at every system boot. So, the above
procedure of efi bootloader will only run one time. 

User can enable SNAPSHOT_REGEN_KEYS kernel config to notify efi
booloader regenerate key-pair for every S4 to improve security if he
want. So, the key-pair re-generate procedure will only launched when S4
resume, not every system boot.


Thanks a lot!
Joey Lee


^ permalink raw reply

* Re: [RFC PATCH 00/18 v3] Signature verification of hibernate snapshot
From: joeyli @ 2013-08-29  0:01 UTC (permalink / raw)
  To: Florian Weimer
  Cc: linux-kernel-u79uwXL29TY76Z2rM5mHXA,
	linux-security-module-u79uwXL29TY76Z2rM5mHXA,
	linux-efi-u79uwXL29TY76Z2rM5mHXA, linux-pm-u79uwXL29TY76Z2rM5mHXA,
	linux-crypto-u79uwXL29TY76Z2rM5mHXA,
	opensuse-kernel-stAJ6ESoqRxg9hUCZPvPmw, David Howells,
	Rafael J. Wysocki, Matthew Garrett, Len Brown, Pavel Machek,
	Josh Boyer, Vojtech Pavlik, Matt Fleming, James Bottomley,
	Greg KH, JKosina-IBi9RG/b67k, Rusty Russell, Herbert Xu,
	David S. Miller, H. Peter Anvin, Michal Marek, Gary Lin,
	Vivek Goyal
In-Reply-To: <87eh9dzg00.fsf-ZqZwdwZz9NfTBotR3TxKnbNAH6kLmebB@public.gmane.org>

Hi Florian, 

Thanks for your response.

於 三,2013-08-28 於 23:01 +0200,Florian Weimer 提到:
> * Chun-Yi Lee:
> 
> >  + EFI bootloader must generate RSA key-pair when system boot:

I should add more information on this sentence for mention need GenS4Key
runtime variable then re-generate key-pair.

Thanks!

> >    - Bootloader store the public key to EFI boottime variable by itself
> >    - Bootloader put The private key to S4SignKey EFI variable for forward to
> >      kernel.
> 
> Is the UEFI NVRAM really suited for such regular updates?
> 

Yes, Matthew raised this concern at before. I modified patch to load
private key in efi stub kernel, before ExitBootServices(), that means we
don't need generate key-pair at every system boot. So, the above
procedure of efi bootloader will only run one time. 

User can enable SNAPSHOT_REGEN_KEYS kernel config to notify efi
booloader regenerate key-pair for every S4 to improve security if he
want. So, the key-pair re-generate procedure will only launched when S4
resume, not every system boot.


Thanks a lot!
Joey Lee

^ permalink raw reply

* Re: [RFC PATCH 00/18 v3] Signature verification of hibernate snapshot
From: joeyli @ 2013-08-29  0:01 UTC (permalink / raw)
  To: Florian Weimer
  Cc: linux-kernel, linux-security-module, linux-efi, linux-pm,
	linux-crypto, opensuse-kernel, David Howells, Rafael J. Wysocki,
	Matthew Garrett, Len Brown, Pavel Machek, Josh Boyer,
	Vojtech Pavlik, Matt Fleming, James Bottomley, Greg KH, JKosina,
	Rusty Russell, Herbert Xu, David S. Miller, H. Peter Anvin,
	Michal Marek, Gary Lin, Vivek Goyal
In-Reply-To: <87eh9dzg00.fsf@mid.deneb.enyo.de>

Hi Florian, 

Thanks for your response.

於 三,2013-08-28 於 23:01 +0200,Florian Weimer 提到:
> * Chun-Yi Lee:
> 
> >  + EFI bootloader must generate RSA key-pair when system boot:

I should add more information on this sentence for mention need GenS4Key
runtime variable then re-generate key-pair.

Thanks!

> >    - Bootloader store the public key to EFI boottime variable by itself
> >    - Bootloader put The private key to S4SignKey EFI variable for forward to
> >      kernel.
> 
> Is the UEFI NVRAM really suited for such regular updates?
> 

Yes, Matthew raised this concern at before. I modified patch to load
private key in efi stub kernel, before ExitBootServices(), that means we
don't need generate key-pair at every system boot. So, the above
procedure of efi bootloader will only run one time. 

User can enable SNAPSHOT_REGEN_KEYS kernel config to notify efi
booloader regenerate key-pair for every S4 to improve security if he
want. So, the key-pair re-generate procedure will only launched when S4
resume, not every system boot.


Thanks a lot!
Joey Lee

^ permalink raw reply

* Re: [RFC PATCH 00/18 v3] Signature verification of hibernate snapshot
From: joeyli @ 2013-08-29  0:01 UTC (permalink / raw)
  To: Florian Weimer
  Cc: linux-kernel, linux-security-module, linux-efi, linux-pm,
	linux-crypto, opensuse-kernel, David Howells, Rafael J. Wysocki,
	Matthew Garrett, Len Brown, Pavel Machek, Josh Boyer,
	Vojtech Pavlik, Matt Fleming, James Bottomley, Greg KH, JKosina,
	Rusty Russell, Herbert Xu, David S. Miller, H. Peter Anvin,
	Michal Marek, Gary Lin, Vivek Goyal
In-Reply-To: <87eh9dzg00.fsf@mid.deneb.enyo.de>

Hi Florian, 

Thanks for your response.

於 三,2013-08-28 於 23:01 +0200,Florian Weimer 提到:
> * Chun-Yi Lee:
> 
> >  + EFI bootloader must generate RSA key-pair when system boot:

I should add more information on this sentence for mention need GenS4Key
runtime variable then re-generate key-pair.

Thanks!

> >    - Bootloader store the public key to EFI boottime variable by itself
> >    - Bootloader put The private key to S4SignKey EFI variable for forward to
> >      kernel.
> 
> Is the UEFI NVRAM really suited for such regular updates?
> 

Yes, Matthew raised this concern at before. I modified patch to load
private key in efi stub kernel, before ExitBootServices(), that means we
don't need generate key-pair at every system boot. So, the above
procedure of efi bootloader will only run one time. 

User can enable SNAPSHOT_REGEN_KEYS kernel config to notify efi
booloader regenerate key-pair for every S4 to improve security if he
want. So, the key-pair re-generate procedure will only launched when S4
resume, not every system boot.


Thanks a lot!
Joey Lee

--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

^ permalink raw reply

* Re: [RFC PATCH 00/18 v3] Signature verification of hibernate snapshot
From: Florian Weimer @ 2013-08-28 21:01 UTC (permalink / raw)
  To: Lee, Chun-Yi
  Cc: linux-kernel-u79uwXL29TY76Z2rM5mHXA,
	linux-security-module-u79uwXL29TY76Z2rM5mHXA,
	linux-efi-u79uwXL29TY76Z2rM5mHXA, linux-pm-u79uwXL29TY76Z2rM5mHXA,
	linux-crypto-u79uwXL29TY76Z2rM5mHXA,
	opensuse-kernel-stAJ6ESoqRxg9hUCZPvPmw, David Howells,
	Rafael J. Wysocki, Matthew Garrett, Len Brown, Pavel Machek,
	Josh Boyer, Vojtech Pavlik, Matt Fleming, James Bottomley,
	Greg KH, JKosina-IBi9RG/b67k, Rusty Russell, Herbert Xu,
	David S. Miller, H. Peter Anvin, Michal Marek, Gary Lin,
	Vivek Goyal, Lee, Chun-Yi
In-Reply-To: <1377169317-5959-1-git-send-email-jlee-IBi9RG/b67k@public.gmane.org>

* Chun-Yi Lee:

>  + EFI bootloader must generate RSA key-pair when system boot:
>    - Bootloader store the public key to EFI boottime variable by itself
>    - Bootloader put The private key to S4SignKey EFI variable for forward to
>      kernel.

Is the UEFI NVRAM really suited for such regular updates?

^ permalink raw reply

* Re: [PATCH 11/18] Hibernate: introduced RSA key-pair to verify signature of snapshot
From: Pavel Machek @ 2013-08-27 14:17 UTC (permalink / raw)
  To: Manfred Hollstein, joeyli, linux-kernel-u79uwXL29TY76Z2rM5mHXA,
	linux-security-module-u79uwXL29TY76Z2rM5mHXA,
	linux-efi-u79uwXL29TY76Z2rM5mHXA, linux-pm-u79uwXL29TY76Z2rM5mHXA,
	linux-crypto-u79uwXL29TY76Z2rM5mHXA,
	opensuse-kernel-stAJ6ESoqRxg9hUCZPvPmw, David Howells,
	Rafael J. Wysocki, Matthew Garrett, Len Brown, Josh Boyer,
	Vojtech Pavlik, Matt Fleming, James Bottomley, Greg KH,
	JKosina-IBi9RG/b67k, Rusty Russell, Herbert Xu, David S. Miller,
	H. Peter Anvin, Michal Marek, Gary Lin, Vivek Goyal,
	Takashi Iwai <tiwai
In-Reply-To: <20130827120142.GA4314-FGSgn5mWDzkZXJsbVdw/lG363IjY150HP6IUcbMO39o@public.gmane.org>

On Tue 2013-08-27 14:01:42, Manfred Hollstein wrote:
> On Tue, 27 Aug 2013, 13:29:43 +0200, Pavel Machek wrote:
> > > > > @@ -1205,6 +1290,10 @@ struct boot_params *efi_main(void *handle, efi_system_table_t *_table,
> > > > >  
> > > > >  	setup_efi_pci(boot_params);
> > > > >  
> > > > > +#ifdef CONFIG_SNAPSHOT_VERIFICATION
> > > > > +	setup_s4_keys(boot_params);
> > > > > +#endif
> > > > > +
> > > > 
> > > > Move ifdef inside the function?
> > > 
> > > OK, I will define a dummy function for non-verification situation.
> > 
> > IIRC you can just put the #ifdef inside the function body. 
> 
> This is certainly not to be invoked on a frequent basis (and therefore
> not on a hot path), but from a more general angle, wouldn't this leave
> a(nother) plain "jsr... rts" sequence without any effect other than
> burning a few cycles? If the whole function call can be disabled
> (ignored) in a certain configuration, it shouldn't call at all, should
> it?

gcc should be able to deal with optimizing that out.
									Pavel
-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html

^ permalink raw reply

* Re: [PATCH 11/18] Hibernate: introduced RSA key-pair to verify signature of snapshot
From: joeyli @ 2013-08-27 13:12 UTC (permalink / raw)
  To: Pavel Machek
  Cc: linux-kernel, linux-security-module, linux-efi, linux-pm,
	linux-crypto, opensuse-kernel, David Howells, Rafael J. Wysocki,
	Matthew Garrett, Len Brown, Josh Boyer, Vojtech Pavlik,
	Matt Fleming, James Bottomley, Greg KH, JKosina, Rusty Russell,
	Herbert Xu, David S. Miller, H. Peter Anvin, Michal Marek,
	Gary Lin, Vivek Goyal, Takashi Iwai
In-Reply-To: <20130827112943.GA20527@amd.pavel.ucw.cz>

於 二,2013-08-27 於 13:29 +0200,Pavel Machek 提到:
> > > > @@ -1205,6 +1290,10 @@ struct boot_params *efi_main(void *handle, efi_system_table_t *_table,
> > > >  
> > > >  	setup_efi_pci(boot_params);
> > > >  
> > > > +#ifdef CONFIG_SNAPSHOT_VERIFICATION
> > > > +	setup_s4_keys(boot_params);
> > > > +#endif
> > > > +
> > > 
> > > Move ifdef inside the function?
> > 
> > OK, I will define a dummy function for non-verification situation.
> 
> IIRC you can just put the #ifdef inside the function body. 
> 									Pavel

I want use inline dummy function like saveable_highmem_page() in
snapshot.c, maybe it's	 better then additional function call?


Thanks a lot!
Joey Lee

^ permalink raw reply

* Re: [PATCH 11/18] Hibernate: introduced RSA key-pair to verify signature of snapshot
From: joeyli @ 2013-08-27 13:12 UTC (permalink / raw)
  To: Pavel Machek
  Cc: linux-kernel, linux-security-module, linux-efi, linux-pm,
	linux-crypto, opensuse-kernel, David Howells, Rafael J. Wysocki,
	Matthew Garrett, Len Brown, Josh Boyer, Vojtech Pavlik,
	Matt Fleming, James Bottomley, Greg KH, JKosina, Rusty Russell,
	Herbert Xu, David S. Miller, H. Peter Anvin, Michal Marek,
	Gary Lin, Vivek Goyal, Takashi Iwai
In-Reply-To: <20130827112943.GA20527@amd.pavel.ucw.cz>

於 二,2013-08-27 於 13:29 +0200,Pavel Machek 提到:
> > > > @@ -1205,6 +1290,10 @@ struct boot_params *efi_main(void *handle, efi_system_table_t *_table,
> > > >  
> > > >  	setup_efi_pci(boot_params);
> > > >  
> > > > +#ifdef CONFIG_SNAPSHOT_VERIFICATION
> > > > +	setup_s4_keys(boot_params);
> > > > +#endif
> > > > +
> > > 
> > > Move ifdef inside the function?
> > 
> > OK, I will define a dummy function for non-verification situation.
> 
> IIRC you can just put the #ifdef inside the function body. 
> 									Pavel

I want use inline dummy function like saveable_highmem_page() in
snapshot.c, maybe it's	 better then additional function call?


Thanks a lot!
Joey Lee


^ permalink raw reply

* Re: [PATCH 11/18] Hibernate: introduced RSA key-pair to verify signature of snapshot
From: joeyli @ 2013-08-27 13:12 UTC (permalink / raw)
  To: Pavel Machek
  Cc: linux-kernel-u79uwXL29TY76Z2rM5mHXA,
	linux-security-module-u79uwXL29TY76Z2rM5mHXA,
	linux-efi-u79uwXL29TY76Z2rM5mHXA, linux-pm-u79uwXL29TY76Z2rM5mHXA,
	linux-crypto-u79uwXL29TY76Z2rM5mHXA,
	opensuse-kernel-stAJ6ESoqRxg9hUCZPvPmw, David Howells,
	Rafael J. Wysocki, Matthew Garrett, Len Brown, Josh Boyer,
	Vojtech Pavlik, Matt Fleming, James Bottomley, Greg KH,
	JKosina-IBi9RG/b67k, Rusty Russell, Herbert Xu, David S. Miller,
	H. Peter Anvin, Michal Marek, Gary Lin, Vivek Goyal, Takashi Iwai
In-Reply-To: <20130827112943.GA20527-tWAi6jLit6GreWDznjuHag@public.gmane.org>

於 二,2013-08-27 於 13:29 +0200,Pavel Machek 提到:
> > > > @@ -1205,6 +1290,10 @@ struct boot_params *efi_main(void *handle, efi_system_table_t *_table,
> > > >  
> > > >  	setup_efi_pci(boot_params);
> > > >  
> > > > +#ifdef CONFIG_SNAPSHOT_VERIFICATION
> > > > +	setup_s4_keys(boot_params);
> > > > +#endif
> > > > +
> > > 
> > > Move ifdef inside the function?
> > 
> > OK, I will define a dummy function for non-verification situation.
> 
> IIRC you can just put the #ifdef inside the function body. 
> 									Pavel

I want use inline dummy function like saveable_highmem_page() in
snapshot.c, maybe it's	 better then additional function call?


Thanks a lot!
Joey Lee

^ permalink raw reply

* Re: [PATCH 11/18] Hibernate: introduced RSA key-pair to verify signature of snapshot
From: joeyli @ 2013-08-27 13:12 UTC (permalink / raw)
  To: Pavel Machek
  Cc: linux-kernel, linux-security-module, linux-efi, linux-pm,
	linux-crypto, opensuse-kernel, David Howells, Rafael J. Wysocki,
	Matthew Garrett, Len Brown, Josh Boyer, Vojtech Pavlik,
	Matt Fleming, James Bottomley, Greg KH, JKosina, Rusty Russell,
	Herbert Xu, David S. Miller, H. Peter Anvin, Michal Marek,
	Gary Lin, Vivek Goyal, Takashi Iwai
In-Reply-To: <20130827112943.GA20527@amd.pavel.ucw.cz>

於 二,2013-08-27 於 13:29 +0200,Pavel Machek 提到:
> > > > @@ -1205,6 +1290,10 @@ struct boot_params *efi_main(void *handle, efi_system_table_t *_table,
> > > >  
> > > >  	setup_efi_pci(boot_params);
> > > >  
> > > > +#ifdef CONFIG_SNAPSHOT_VERIFICATION
> > > > +	setup_s4_keys(boot_params);
> > > > +#endif
> > > > +
> > > 
> > > Move ifdef inside the function?
> > 
> > OK, I will define a dummy function for non-verification situation.
> 
> IIRC you can just put the #ifdef inside the function body. 
> 									Pavel

I want use inline dummy function like saveable_highmem_page() in
snapshot.c, maybe it's	 better then additional function call?


Thanks a lot!
Joey Lee

^ permalink raw reply

* Re: [PATCH 11/18] Hibernate: introduced RSA key-pair to verify signature of snapshot
From: joeyli @ 2013-08-27 13:12 UTC (permalink / raw)
  To: Pavel Machek
  Cc: linux-kernel, linux-security-module, linux-efi, linux-pm,
	linux-crypto, opensuse-kernel, David Howells, Rafael J. Wysocki,
	Matthew Garrett, Len Brown, Josh Boyer, Vojtech Pavlik,
	Matt Fleming, James Bottomley, Greg KH, JKosina, Rusty Russell,
	Herbert Xu, David S. Miller, H. Peter Anvin, Michal Marek,
	Gary Lin, Vivek Goyal, Takashi Iwai
In-Reply-To: <20130827112943.GA20527@amd.pavel.ucw.cz>

於 二,2013-08-27 於 13:29 +0200,Pavel Machek 提到:
> > > > @@ -1205,6 +1290,10 @@ struct boot_params *efi_main(void *handle, efi_system_table_t *_table,
> > > >  
> > > >  	setup_efi_pci(boot_params);
> > > >  
> > > > +#ifdef CONFIG_SNAPSHOT_VERIFICATION
> > > > +	setup_s4_keys(boot_params);
> > > > +#endif
> > > > +
> > > 
> > > Move ifdef inside the function?
> > 
> > OK, I will define a dummy function for non-verification situation.
> 
> IIRC you can just put the #ifdef inside the function body. 
> 									Pavel

I want use inline dummy function like saveable_highmem_page() in
snapshot.c, maybe it's	 better then additional function call?


Thanks a lot!
Joey Lee

--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

^ permalink raw reply

* Re: [PATCH 17/18] Hibernate: introduced SNAPSHOT_SIG_HASH config for select hash algorithm
From: joeyli @ 2013-08-27 12:54 UTC (permalink / raw)
  To: Pavel Machek
  Cc: linux-kernel, linux-security-module, linux-efi, linux-pm,
	linux-crypto, opensuse-kernel, David Howells, Rafael J. Wysocki,
	Matthew Garrett, Len Brown, Josh Boyer, Vojtech Pavlik,
	Matt Fleming, James Bottomley, Greg KH, JKosina, Rusty Russell,
	Herbert Xu, David S. Miller, H. Peter Anvin, Michal Marek,
	Gary Lin, Vivek Goyal
In-Reply-To: <20130827113044.GB20527@amd.pavel.ucw.cz>

於 二,2013-08-27 於 13:30 +0200,Pavel Machek 提到:
> On Tue 2013-08-27 18:22:17, joeyli wrote:
> > 於 日,2013-08-25 於 18:43 +0200,Pavel Machek 提到:
> > > On Thu 2013-08-22 19:01:56, Lee, Chun-Yi wrote:
> > > > This patch introduced SNAPSHOT_SIG_HASH config for user to select which
> > > > hash algorithm will be used during signature generation of snapshot.
> > > > 
> > > > v2:
> > > > Add define check of oCONFIG_SNAPSHOT_VERIFICATION in snapshot.c before
> > > > declare pkey_hash().
> > > > 
> > > > Reviewed-by: Jiri Kosina <jkosina@suse.cz>
> > > > Signed-off-by: Lee, Chun-Yi <jlee@suse.com>
> > > > ---
> > > >  kernel/power/Kconfig    |   46 ++++++++++++++++++++++++++++++++++++++++++++++
> > > >  kernel/power/snapshot.c |   27 ++++++++++++++++++++++-----
> > > >  2 files changed, 68 insertions(+), 5 deletions(-)
> > > > 
> > > > diff --git a/kernel/power/Kconfig b/kernel/power/Kconfig
> > > > index b592d88..79b34fa 100644
> > > > --- a/kernel/power/Kconfig
> > > > +++ b/kernel/power/Kconfig
> > > > @@ -78,6 +78,52 @@ config SNAPSHOT_VERIFICATION
> > > >  	  dependent on UEFI environment. EFI bootloader should generate the
> > > >  	  key-pair.
> > > >  
> > > > +choice
> > > > +	prompt "Which hash algorithm should snapshot be signed with?"
> > > > +        depends on SNAPSHOT_VERIFICATION
> > > > +        help
> > > > +          This determines which sort of hashing algorithm will be used during
> > > > +          signature generation of snapshot. This algorithm _must_ be built into
> > > > +	  the kernel directly so that signature verification can take place.
> > > > +	  It is not possible to load a signed snapshot containing the algorithm
> > > > +	  to check the signature on that module.
> > > 
> > > Like if 1000 ifdefs you already added to the code are not enough, you
> > > make some new ones?
> > > 									Pavel
> > > 
> > 
> > This SNAPSHOT_SIG_HASH kernel config is to select which SHA algorithms
> > used for generate digest of snapshot. The configuration will captured by
> > a const char* in code:
> > 
> > +static const char *snapshot_hash = CONFIG_SNAPSHOT_SIG_HASH;
> > +
> > +static int pkey_hash(void)
> > 
> > So, there doesn't have any ifdef block derived from this new config.
> 
> I'd say select one hash function, and use it. There's no need to make
> it configurable.
> 									Pavel

There have better performance when SHA algorithm output shorter hash
result. On the other hand, longer hash result provide better security.

And, on 64-bits system, the SHA512 has better performance then SHA256.

Due to user have different use case and different hardware, why not give
them this option to make decision?


Thanks a lot!
Joey LEe

^ permalink raw reply

* Re: [PATCH 17/18] Hibernate: introduced SNAPSHOT_SIG_HASH config for select hash algorithm
From: joeyli @ 2013-08-27 12:54 UTC (permalink / raw)
  To: Pavel Machek
  Cc: linux-kernel, linux-security-module, linux-efi, linux-pm,
	linux-crypto, opensuse-kernel, David Howells, Rafael J. Wysocki,
	Matthew Garrett, Len Brown, Josh Boyer, Vojtech Pavlik,
	Matt Fleming, James Bottomley, Greg KH, JKosina, Rusty Russell,
	Herbert Xu, David S. Miller, H. Peter Anvin, Michal Marek,
	Gary Lin, Vivek Goyal
In-Reply-To: <20130827113044.GB20527@amd.pavel.ucw.cz>

於 二,2013-08-27 於 13:30 +0200,Pavel Machek 提到:
> On Tue 2013-08-27 18:22:17, joeyli wrote:
> > 於 日,2013-08-25 於 18:43 +0200,Pavel Machek 提到:
> > > On Thu 2013-08-22 19:01:56, Lee, Chun-Yi wrote:
> > > > This patch introduced SNAPSHOT_SIG_HASH config for user to select which
> > > > hash algorithm will be used during signature generation of snapshot.
> > > > 
> > > > v2:
> > > > Add define check of oCONFIG_SNAPSHOT_VERIFICATION in snapshot.c before
> > > > declare pkey_hash().
> > > > 
> > > > Reviewed-by: Jiri Kosina <jkosina@suse.cz>
> > > > Signed-off-by: Lee, Chun-Yi <jlee@suse.com>
> > > > ---
> > > >  kernel/power/Kconfig    |   46 ++++++++++++++++++++++++++++++++++++++++++++++
> > > >  kernel/power/snapshot.c |   27 ++++++++++++++++++++++-----
> > > >  2 files changed, 68 insertions(+), 5 deletions(-)
> > > > 
> > > > diff --git a/kernel/power/Kconfig b/kernel/power/Kconfig
> > > > index b592d88..79b34fa 100644
> > > > --- a/kernel/power/Kconfig
> > > > +++ b/kernel/power/Kconfig
> > > > @@ -78,6 +78,52 @@ config SNAPSHOT_VERIFICATION
> > > >  	  dependent on UEFI environment. EFI bootloader should generate the
> > > >  	  key-pair.
> > > >  
> > > > +choice
> > > > +	prompt "Which hash algorithm should snapshot be signed with?"
> > > > +        depends on SNAPSHOT_VERIFICATION
> > > > +        help
> > > > +          This determines which sort of hashing algorithm will be used during
> > > > +          signature generation of snapshot. This algorithm _must_ be built into
> > > > +	  the kernel directly so that signature verification can take place.
> > > > +	  It is not possible to load a signed snapshot containing the algorithm
> > > > +	  to check the signature on that module.
> > > 
> > > Like if 1000 ifdefs you already added to the code are not enough, you
> > > make some new ones?
> > > 									Pavel
> > > 
> > 
> > This SNAPSHOT_SIG_HASH kernel config is to select which SHA algorithms
> > used for generate digest of snapshot. The configuration will captured by
> > a const char* in code:
> > 
> > +static const char *snapshot_hash = CONFIG_SNAPSHOT_SIG_HASH;
> > +
> > +static int pkey_hash(void)
> > 
> > So, there doesn't have any ifdef block derived from this new config.
> 
> I'd say select one hash function, and use it. There's no need to make
> it configurable.
> 									Pavel

There have better performance when SHA algorithm output shorter hash
result. On the other hand, longer hash result provide better security.

And, on 64-bits system, the SHA512 has better performance then SHA256.

Due to user have different use case and different hardware, why not give
them this option to make decision?


Thanks a lot!
Joey LEe

--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

^ permalink raw reply

* Re: [PATCH 17/18] Hibernate: introduced SNAPSHOT_SIG_HASH config for select hash algorithm
From: joeyli @ 2013-08-27 12:54 UTC (permalink / raw)
  To: Pavel Machek
  Cc: linux-kernel, linux-security-module, linux-efi, linux-pm,
	linux-crypto, opensuse-kernel, David Howells, Rafael J. Wysocki,
	Matthew Garrett, Len Brown, Josh Boyer, Vojtech Pavlik,
	Matt Fleming, James Bottomley, Greg KH, JKosina, Rusty Russell,
	Herbert Xu, David S. Miller, H. Peter Anvin, Michal Marek,
	Gary Lin, Vivek Goyal
In-Reply-To: <20130827113044.GB20527@amd.pavel.ucw.cz>

於 二,2013-08-27 於 13:30 +0200,Pavel Machek 提到:
> On Tue 2013-08-27 18:22:17, joeyli wrote:
> > 於 日,2013-08-25 於 18:43 +0200,Pavel Machek 提到:
> > > On Thu 2013-08-22 19:01:56, Lee, Chun-Yi wrote:
> > > > This patch introduced SNAPSHOT_SIG_HASH config for user to select which
> > > > hash algorithm will be used during signature generation of snapshot.
> > > > 
> > > > v2:
> > > > Add define check of oCONFIG_SNAPSHOT_VERIFICATION in snapshot.c before
> > > > declare pkey_hash().
> > > > 
> > > > Reviewed-by: Jiri Kosina <jkosina@suse.cz>
> > > > Signed-off-by: Lee, Chun-Yi <jlee@suse.com>
> > > > ---
> > > >  kernel/power/Kconfig    |   46 ++++++++++++++++++++++++++++++++++++++++++++++
> > > >  kernel/power/snapshot.c |   27 ++++++++++++++++++++++-----
> > > >  2 files changed, 68 insertions(+), 5 deletions(-)
> > > > 
> > > > diff --git a/kernel/power/Kconfig b/kernel/power/Kconfig
> > > > index b592d88..79b34fa 100644
> > > > --- a/kernel/power/Kconfig
> > > > +++ b/kernel/power/Kconfig
> > > > @@ -78,6 +78,52 @@ config SNAPSHOT_VERIFICATION
> > > >  	  dependent on UEFI environment. EFI bootloader should generate the
> > > >  	  key-pair.
> > > >  
> > > > +choice
> > > > +	prompt "Which hash algorithm should snapshot be signed with?"
> > > > +        depends on SNAPSHOT_VERIFICATION
> > > > +        help
> > > > +          This determines which sort of hashing algorithm will be used during
> > > > +          signature generation of snapshot. This algorithm _must_ be built into
> > > > +	  the kernel directly so that signature verification can take place.
> > > > +	  It is not possible to load a signed snapshot containing the algorithm
> > > > +	  to check the signature on that module.
> > > 
> > > Like if 1000 ifdefs you already added to the code are not enough, you
> > > make some new ones?
> > > 									Pavel
> > > 
> > 
> > This SNAPSHOT_SIG_HASH kernel config is to select which SHA algorithms
> > used for generate digest of snapshot. The configuration will captured by
> > a const char* in code:
> > 
> > +static const char *snapshot_hash = CONFIG_SNAPSHOT_SIG_HASH;
> > +
> > +static int pkey_hash(void)
> > 
> > So, there doesn't have any ifdef block derived from this new config.
> 
> I'd say select one hash function, and use it. There's no need to make
> it configurable.
> 									Pavel

There have better performance when SHA algorithm output shorter hash
result. On the other hand, longer hash result provide better security.

And, on 64-bits system, the SHA512 has better performance then SHA256.

Due to user have different use case and different hardware, why not give
them this option to make decision?


Thanks a lot!
Joey LEe


^ permalink raw reply

* Re: [PATCH 17/18] Hibernate: introduced SNAPSHOT_SIG_HASH config for select hash algorithm
From: joeyli @ 2013-08-27 12:54 UTC (permalink / raw)
  To: Pavel Machek
  Cc: linux-kernel, linux-security-module, linux-efi, linux-pm,
	linux-crypto, opensuse-kernel, David Howells, Rafael J. Wysocki,
	Matthew Garrett, Len Brown, Josh Boyer, Vojtech Pavlik,
	Matt Fleming, James Bottomley, Greg KH, JKosina, Rusty Russell,
	Herbert Xu, David S. Miller, H. Peter Anvin, Michal Marek,
	Gary Lin, Vivek Goyal
In-Reply-To: <20130827113044.GB20527@amd.pavel.ucw.cz>

於 二,2013-08-27 於 13:30 +0200,Pavel Machek 提到:
> On Tue 2013-08-27 18:22:17, joeyli wrote:
> > 於 日,2013-08-25 於 18:43 +0200,Pavel Machek 提到:
> > > On Thu 2013-08-22 19:01:56, Lee, Chun-Yi wrote:
> > > > This patch introduced SNAPSHOT_SIG_HASH config for user to select which
> > > > hash algorithm will be used during signature generation of snapshot.
> > > > 
> > > > v2:
> > > > Add define check of oCONFIG_SNAPSHOT_VERIFICATION in snapshot.c before
> > > > declare pkey_hash().
> > > > 
> > > > Reviewed-by: Jiri Kosina <jkosina@suse.cz>
> > > > Signed-off-by: Lee, Chun-Yi <jlee@suse.com>
> > > > ---
> > > >  kernel/power/Kconfig    |   46 ++++++++++++++++++++++++++++++++++++++++++++++
> > > >  kernel/power/snapshot.c |   27 ++++++++++++++++++++++-----
> > > >  2 files changed, 68 insertions(+), 5 deletions(-)
> > > > 
> > > > diff --git a/kernel/power/Kconfig b/kernel/power/Kconfig
> > > > index b592d88..79b34fa 100644
> > > > --- a/kernel/power/Kconfig
> > > > +++ b/kernel/power/Kconfig
> > > > @@ -78,6 +78,52 @@ config SNAPSHOT_VERIFICATION
> > > >  	  dependent on UEFI environment. EFI bootloader should generate the
> > > >  	  key-pair.
> > > >  
> > > > +choice
> > > > +	prompt "Which hash algorithm should snapshot be signed with?"
> > > > +        depends on SNAPSHOT_VERIFICATION
> > > > +        help
> > > > +          This determines which sort of hashing algorithm will be used during
> > > > +          signature generation of snapshot. This algorithm _must_ be built into
> > > > +	  the kernel directly so that signature verification can take place.
> > > > +	  It is not possible to load a signed snapshot containing the algorithm
> > > > +	  to check the signature on that module.
> > > 
> > > Like if 1000 ifdefs you already added to the code are not enough, you
> > > make some new ones?
> > > 									Pavel
> > > 
> > 
> > This SNAPSHOT_SIG_HASH kernel config is to select which SHA algorithms
> > used for generate digest of snapshot. The configuration will captured by
> > a const char* in code:
> > 
> > +static const char *snapshot_hash = CONFIG_SNAPSHOT_SIG_HASH;
> > +
> > +static int pkey_hash(void)
> > 
> > So, there doesn't have any ifdef block derived from this new config.
> 
> I'd say select one hash function, and use it. There's no need to make
> it configurable.
> 									Pavel

There have better performance when SHA algorithm output shorter hash
result. On the other hand, longer hash result provide better security.

And, on 64-bits system, the SHA512 has better performance then SHA256.

Due to user have different use case and different hardware, why not give
them this option to make decision?


Thanks a lot!
Joey LEe

^ permalink raw reply

* Re: [PATCH 17/18] Hibernate: introduced SNAPSHOT_SIG_HASH config for select hash algorithm
From: joeyli @ 2013-08-27 12:54 UTC (permalink / raw)
  To: Pavel Machek
  Cc: linux-kernel-u79uwXL29TY76Z2rM5mHXA,
	linux-security-module-u79uwXL29TY76Z2rM5mHXA,
	linux-efi-u79uwXL29TY76Z2rM5mHXA, linux-pm-u79uwXL29TY76Z2rM5mHXA,
	linux-crypto-u79uwXL29TY76Z2rM5mHXA,
	opensuse-kernel-stAJ6ESoqRxg9hUCZPvPmw, David Howells,
	Rafael J. Wysocki, Matthew Garrett, Len Brown, Josh Boyer,
	Vojtech Pavlik, Matt Fleming, James Bottomley, Greg KH,
	JKosina-IBi9RG/b67k, Rusty Russell, Herbert Xu, David S. Miller,
	H. Peter Anvin, Michal Marek, Gary Lin, Vivek Goyal
In-Reply-To: <20130827113044.GB20527-tWAi6jLit6GreWDznjuHag@public.gmane.org>

於 二,2013-08-27 於 13:30 +0200,Pavel Machek 提到:
> On Tue 2013-08-27 18:22:17, joeyli wrote:
> > 於 日,2013-08-25 於 18:43 +0200,Pavel Machek 提到:
> > > On Thu 2013-08-22 19:01:56, Lee, Chun-Yi wrote:
> > > > This patch introduced SNAPSHOT_SIG_HASH config for user to select which
> > > > hash algorithm will be used during signature generation of snapshot.
> > > > 
> > > > v2:
> > > > Add define check of oCONFIG_SNAPSHOT_VERIFICATION in snapshot.c before
> > > > declare pkey_hash().
> > > > 
> > > > Reviewed-by: Jiri Kosina <jkosina-AlSwsSmVLrQ@public.gmane.org>
> > > > Signed-off-by: Lee, Chun-Yi <jlee-IBi9RG/b67k@public.gmane.org>
> > > > ---
> > > >  kernel/power/Kconfig    |   46 ++++++++++++++++++++++++++++++++++++++++++++++
> > > >  kernel/power/snapshot.c |   27 ++++++++++++++++++++++-----
> > > >  2 files changed, 68 insertions(+), 5 deletions(-)
> > > > 
> > > > diff --git a/kernel/power/Kconfig b/kernel/power/Kconfig
> > > > index b592d88..79b34fa 100644
> > > > --- a/kernel/power/Kconfig
> > > > +++ b/kernel/power/Kconfig
> > > > @@ -78,6 +78,52 @@ config SNAPSHOT_VERIFICATION
> > > >  	  dependent on UEFI environment. EFI bootloader should generate the
> > > >  	  key-pair.
> > > >  
> > > > +choice
> > > > +	prompt "Which hash algorithm should snapshot be signed with?"
> > > > +        depends on SNAPSHOT_VERIFICATION
> > > > +        help
> > > > +          This determines which sort of hashing algorithm will be used during
> > > > +          signature generation of snapshot. This algorithm _must_ be built into
> > > > +	  the kernel directly so that signature verification can take place.
> > > > +	  It is not possible to load a signed snapshot containing the algorithm
> > > > +	  to check the signature on that module.
> > > 
> > > Like if 1000 ifdefs you already added to the code are not enough, you
> > > make some new ones?
> > > 									Pavel
> > > 
> > 
> > This SNAPSHOT_SIG_HASH kernel config is to select which SHA algorithms
> > used for generate digest of snapshot. The configuration will captured by
> > a const char* in code:
> > 
> > +static const char *snapshot_hash = CONFIG_SNAPSHOT_SIG_HASH;
> > +
> > +static int pkey_hash(void)
> > 
> > So, there doesn't have any ifdef block derived from this new config.
> 
> I'd say select one hash function, and use it. There's no need to make
> it configurable.
> 									Pavel

There have better performance when SHA algorithm output shorter hash
result. On the other hand, longer hash result provide better security.

And, on 64-bits system, the SHA512 has better performance then SHA256.

Due to user have different use case and different hardware, why not give
them this option to make decision?


Thanks a lot!
Joey LEe

^ permalink raw reply

* Re: [PATCH 11/18] Hibernate: introduced RSA key-pair to verify signature of snapshot
From: Manfred Hollstein @ 2013-08-27 12:01 UTC (permalink / raw)
  To: Pavel Machek
  Cc: joeyli, linux-kernel-u79uwXL29TY76Z2rM5mHXA,
	linux-security-module-u79uwXL29TY76Z2rM5mHXA,
	linux-efi-u79uwXL29TY76Z2rM5mHXA, linux-pm-u79uwXL29TY76Z2rM5mHXA,
	linux-crypto-u79uwXL29TY76Z2rM5mHXA,
	opensuse-kernel-stAJ6ESoqRxg9hUCZPvPmw, David Howells,
	Rafael J. Wysocki, Matthew Garrett, Len Brown, Josh Boyer,
	Vojtech Pavlik, Matt Fleming, James Bottomley, Greg KH,
	JKosina-IBi9RG/b67k, Rusty Russell, Herbert Xu, David S. Miller,
	H. Peter Anvin, Michal Marek, Gary Lin, Vivek Goyal, Takashi Iwai
In-Reply-To: <20130827112943.GA20527-tWAi6jLit6GreWDznjuHag@public.gmane.org>

On Tue, 27 Aug 2013, 13:29:43 +0200, Pavel Machek wrote:
> > > > @@ -1205,6 +1290,10 @@ struct boot_params *efi_main(void *handle, efi_system_table_t *_table,
> > > >  
> > > >  	setup_efi_pci(boot_params);
> > > >  
> > > > +#ifdef CONFIG_SNAPSHOT_VERIFICATION
> > > > +	setup_s4_keys(boot_params);
> > > > +#endif
> > > > +
> > > 
> > > Move ifdef inside the function?
> > 
> > OK, I will define a dummy function for non-verification situation.
> 
> IIRC you can just put the #ifdef inside the function body. 

This is certainly not to be invoked on a frequent basis (and therefore
not on a hot path), but from a more general angle, wouldn't this leave
a(nother) plain "jsr... rts" sequence without any effect other than
burning a few cycles? If the whole function call can be disabled
(ignored) in a certain configuration, it shouldn't call at all, should
it?

Cheers.

l8er
manfred

^ permalink raw reply

* Re: [PATCH 17/18] Hibernate: introduced SNAPSHOT_SIG_HASH config for select hash algorithm
From: Pavel Machek @ 2013-08-27 11:30 UTC (permalink / raw)
  To: joeyli
  Cc: linux-kernel, linux-security-module, linux-efi, linux-pm,
	linux-crypto, opensuse-kernel, David Howells, Rafael J. Wysocki,
	Matthew Garrett, Len Brown, Josh Boyer, Vojtech Pavlik,
	Matt Fleming, James Bottomley, Greg KH, JKosina, Rusty Russell,
	Herbert Xu, David S. Miller, H. Peter Anvin, Michal Marek,
	Gary Lin, Vivek Goyal
In-Reply-To: <1377598937.20140.12.camel@linux-s257.site>

On Tue 2013-08-27 18:22:17, joeyli wrote:
> 於 日,2013-08-25 於 18:43 +0200,Pavel Machek 提到:
> > On Thu 2013-08-22 19:01:56, Lee, Chun-Yi wrote:
> > > This patch introduced SNAPSHOT_SIG_HASH config for user to select which
> > > hash algorithm will be used during signature generation of snapshot.
> > > 
> > > v2:
> > > Add define check of oCONFIG_SNAPSHOT_VERIFICATION in snapshot.c before
> > > declare pkey_hash().
> > > 
> > > Reviewed-by: Jiri Kosina <jkosina@suse.cz>
> > > Signed-off-by: Lee, Chun-Yi <jlee@suse.com>
> > > ---
> > >  kernel/power/Kconfig    |   46 ++++++++++++++++++++++++++++++++++++++++++++++
> > >  kernel/power/snapshot.c |   27 ++++++++++++++++++++++-----
> > >  2 files changed, 68 insertions(+), 5 deletions(-)
> > > 
> > > diff --git a/kernel/power/Kconfig b/kernel/power/Kconfig
> > > index b592d88..79b34fa 100644
> > > --- a/kernel/power/Kconfig
> > > +++ b/kernel/power/Kconfig
> > > @@ -78,6 +78,52 @@ config SNAPSHOT_VERIFICATION
> > >  	  dependent on UEFI environment. EFI bootloader should generate the
> > >  	  key-pair.
> > >  
> > > +choice
> > > +	prompt "Which hash algorithm should snapshot be signed with?"
> > > +        depends on SNAPSHOT_VERIFICATION
> > > +        help
> > > +          This determines which sort of hashing algorithm will be used during
> > > +          signature generation of snapshot. This algorithm _must_ be built into
> > > +	  the kernel directly so that signature verification can take place.
> > > +	  It is not possible to load a signed snapshot containing the algorithm
> > > +	  to check the signature on that module.
> > 
> > Like if 1000 ifdefs you already added to the code are not enough, you
> > make some new ones?
> > 									Pavel
> > 
> 
> This SNAPSHOT_SIG_HASH kernel config is to select which SHA algorithms
> used for generate digest of snapshot. The configuration will captured by
> a const char* in code:
> 
> +static const char *snapshot_hash = CONFIG_SNAPSHOT_SIG_HASH;
> +
> +static int pkey_hash(void)
> 
> So, there doesn't have any ifdef block derived from this new config.

I'd say select one hash function, and use it. There's no need to make
it configurable.
									Pavel
-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html

^ permalink raw reply

* Re: [PATCH 11/18] Hibernate: introduced RSA key-pair to verify signature of snapshot
From: Pavel Machek @ 2013-08-27 11:29 UTC (permalink / raw)
  To: joeyli
  Cc: linux-kernel-u79uwXL29TY76Z2rM5mHXA,
	linux-security-module-u79uwXL29TY76Z2rM5mHXA,
	linux-efi-u79uwXL29TY76Z2rM5mHXA, linux-pm-u79uwXL29TY76Z2rM5mHXA,
	linux-crypto-u79uwXL29TY76Z2rM5mHXA,
	opensuse-kernel-stAJ6ESoqRxg9hUCZPvPmw, David Howells,
	Rafael J. Wysocki, Matthew Garrett, Len Brown, Josh Boyer,
	Vojtech Pavlik, Matt Fleming, James Bottomley, Greg KH,
	JKosina-IBi9RG/b67k, Rusty Russell, Herbert Xu, David S. Miller,
	H. Peter Anvin, Michal Marek, Gary Lin, Vivek Goyal, Takashi Iwai
In-Reply-To: <1377594283.20140.3.camel-ONCj+Eqt86TasUa73XJKwA@public.gmane.org>


> > > @@ -1205,6 +1290,10 @@ struct boot_params *efi_main(void *handle, efi_system_table_t *_table,
> > >  
> > >  	setup_efi_pci(boot_params);
> > >  
> > > +#ifdef CONFIG_SNAPSHOT_VERIFICATION
> > > +	setup_s4_keys(boot_params);
> > > +#endif
> > > +
> > 
> > Move ifdef inside the function?
> 
> OK, I will define a dummy function for non-verification situation.

IIRC you can just put the #ifdef inside the function body. 
									Pavel
-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html

^ permalink raw reply

* Re: [PATCH 17/18] Hibernate: introduced SNAPSHOT_SIG_HASH config for select hash algorithm
From: joeyli @ 2013-08-27 10:22 UTC (permalink / raw)
  To: Pavel Machek
  Cc: linux-kernel, linux-security-module, linux-efi, linux-pm,
	linux-crypto, opensuse-kernel, David Howells, Rafael J. Wysocki,
	Matthew Garrett, Len Brown, Josh Boyer, Vojtech Pavlik,
	Matt Fleming, James Bottomley, Greg KH, JKosina, Rusty Russell,
	Herbert Xu, David S. Miller, H. Peter Anvin, Michal Marek,
	Gary Lin, Vivek Goyal
In-Reply-To: <20130825164329.GL5171@amd.pavel.ucw.cz>

於 日,2013-08-25 於 18:43 +0200,Pavel Machek 提到:
> On Thu 2013-08-22 19:01:56, Lee, Chun-Yi wrote:
> > This patch introduced SNAPSHOT_SIG_HASH config for user to select which
> > hash algorithm will be used during signature generation of snapshot.
> > 
> > v2:
> > Add define check of oCONFIG_SNAPSHOT_VERIFICATION in snapshot.c before
> > declare pkey_hash().
> > 
> > Reviewed-by: Jiri Kosina <jkosina@suse.cz>
> > Signed-off-by: Lee, Chun-Yi <jlee@suse.com>
> > ---
> >  kernel/power/Kconfig    |   46 ++++++++++++++++++++++++++++++++++++++++++++++
> >  kernel/power/snapshot.c |   27 ++++++++++++++++++++++-----
> >  2 files changed, 68 insertions(+), 5 deletions(-)
> > 
> > diff --git a/kernel/power/Kconfig b/kernel/power/Kconfig
> > index b592d88..79b34fa 100644
> > --- a/kernel/power/Kconfig
> > +++ b/kernel/power/Kconfig
> > @@ -78,6 +78,52 @@ config SNAPSHOT_VERIFICATION
> >  	  dependent on UEFI environment. EFI bootloader should generate the
> >  	  key-pair.
> >  
> > +choice
> > +	prompt "Which hash algorithm should snapshot be signed with?"
> > +        depends on SNAPSHOT_VERIFICATION
> > +        help
> > +          This determines which sort of hashing algorithm will be used during
> > +          signature generation of snapshot. This algorithm _must_ be built into
> > +	  the kernel directly so that signature verification can take place.
> > +	  It is not possible to load a signed snapshot containing the algorithm
> > +	  to check the signature on that module.
> 
> Like if 1000 ifdefs you already added to the code are not enough, you
> make some new ones?
> 									Pavel
> 

This SNAPSHOT_SIG_HASH kernel config is to select which SHA algorithms
used for generate digest of snapshot. The configuration will captured by
a const char* in code:

+static const char *snapshot_hash = CONFIG_SNAPSHOT_SIG_HASH;
+
+static int pkey_hash(void)

So, there doesn't have any ifdef block derived from this new config.


Thanks a lot!
Joey Lee

^ permalink raw reply

* Re: [PATCH 17/18] Hibernate: introduced SNAPSHOT_SIG_HASH config for select hash algorithm
From: joeyli @ 2013-08-27 10:22 UTC (permalink / raw)
  To: Pavel Machek
  Cc: linux-kernel, linux-security-module, linux-efi, linux-pm,
	linux-crypto, opensuse-kernel, David Howells, Rafael J. Wysocki,
	Matthew Garrett, Len Brown, Josh Boyer, Vojtech Pavlik,
	Matt Fleming, James Bottomley, Greg KH, JKosina, Rusty Russell,
	Herbert Xu, David S. Miller, H. Peter Anvin, Michal Marek,
	Gary Lin, Vivek Goyal
In-Reply-To: <20130825164329.GL5171@amd.pavel.ucw.cz>

於 日,2013-08-25 於 18:43 +0200,Pavel Machek 提到:
> On Thu 2013-08-22 19:01:56, Lee, Chun-Yi wrote:
> > This patch introduced SNAPSHOT_SIG_HASH config for user to select which
> > hash algorithm will be used during signature generation of snapshot.
> > 
> > v2:
> > Add define check of oCONFIG_SNAPSHOT_VERIFICATION in snapshot.c before
> > declare pkey_hash().
> > 
> > Reviewed-by: Jiri Kosina <jkosina@suse.cz>
> > Signed-off-by: Lee, Chun-Yi <jlee@suse.com>
> > ---
> >  kernel/power/Kconfig    |   46 ++++++++++++++++++++++++++++++++++++++++++++++
> >  kernel/power/snapshot.c |   27 ++++++++++++++++++++++-----
> >  2 files changed, 68 insertions(+), 5 deletions(-)
> > 
> > diff --git a/kernel/power/Kconfig b/kernel/power/Kconfig
> > index b592d88..79b34fa 100644
> > --- a/kernel/power/Kconfig
> > +++ b/kernel/power/Kconfig
> > @@ -78,6 +78,52 @@ config SNAPSHOT_VERIFICATION
> >  	  dependent on UEFI environment. EFI bootloader should generate the
> >  	  key-pair.
> >  
> > +choice
> > +	prompt "Which hash algorithm should snapshot be signed with?"
> > +        depends on SNAPSHOT_VERIFICATION
> > +        help
> > +          This determines which sort of hashing algorithm will be used during
> > +          signature generation of snapshot. This algorithm _must_ be built into
> > +	  the kernel directly so that signature verification can take place.
> > +	  It is not possible to load a signed snapshot containing the algorithm
> > +	  to check the signature on that module.
> 
> Like if 1000 ifdefs you already added to the code are not enough, you
> make some new ones?
> 									Pavel
> 

This SNAPSHOT_SIG_HASH kernel config is to select which SHA algorithms
used for generate digest of snapshot. The configuration will captured by
a const char* in code:

+static const char *snapshot_hash = CONFIG_SNAPSHOT_SIG_HASH;
+
+static int pkey_hash(void)

So, there doesn't have any ifdef block derived from this new config.


Thanks a lot!
Joey Lee

--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

^ permalink raw reply

* Re: [PATCH 17/18] Hibernate: introduced SNAPSHOT_SIG_HASH config for select hash algorithm
From: joeyli @ 2013-08-27 10:22 UTC (permalink / raw)
  To: Pavel Machek
  Cc: linux-kernel, linux-security-module, linux-efi, linux-pm,
	linux-crypto, opensuse-kernel, David Howells, Rafael J. Wysocki,
	Matthew Garrett, Len Brown, Josh Boyer, Vojtech Pavlik,
	Matt Fleming, James Bottomley, Greg KH, JKosina, Rusty Russell,
	Herbert Xu, David S. Miller, H. Peter Anvin, Michal Marek,
	Gary Lin, Vivek Goyal
In-Reply-To: <20130825164329.GL5171@amd.pavel.ucw.cz>

於 日,2013-08-25 於 18:43 +0200,Pavel Machek 提到:
> On Thu 2013-08-22 19:01:56, Lee, Chun-Yi wrote:
> > This patch introduced SNAPSHOT_SIG_HASH config for user to select which
> > hash algorithm will be used during signature generation of snapshot.
> > 
> > v2:
> > Add define check of oCONFIG_SNAPSHOT_VERIFICATION in snapshot.c before
> > declare pkey_hash().
> > 
> > Reviewed-by: Jiri Kosina <jkosina@suse.cz>
> > Signed-off-by: Lee, Chun-Yi <jlee@suse.com>
> > ---
> >  kernel/power/Kconfig    |   46 ++++++++++++++++++++++++++++++++++++++++++++++
> >  kernel/power/snapshot.c |   27 ++++++++++++++++++++++-----
> >  2 files changed, 68 insertions(+), 5 deletions(-)
> > 
> > diff --git a/kernel/power/Kconfig b/kernel/power/Kconfig
> > index b592d88..79b34fa 100644
> > --- a/kernel/power/Kconfig
> > +++ b/kernel/power/Kconfig
> > @@ -78,6 +78,52 @@ config SNAPSHOT_VERIFICATION
> >  	  dependent on UEFI environment. EFI bootloader should generate the
> >  	  key-pair.
> >  
> > +choice
> > +	prompt "Which hash algorithm should snapshot be signed with?"
> > +        depends on SNAPSHOT_VERIFICATION
> > +        help
> > +          This determines which sort of hashing algorithm will be used during
> > +          signature generation of snapshot. This algorithm _must_ be built into
> > +	  the kernel directly so that signature verification can take place.
> > +	  It is not possible to load a signed snapshot containing the algorithm
> > +	  to check the signature on that module.
> 
> Like if 1000 ifdefs you already added to the code are not enough, you
> make some new ones?
> 									Pavel
> 

This SNAPSHOT_SIG_HASH kernel config is to select which SHA algorithms
used for generate digest of snapshot. The configuration will captured by
a const char* in code:

+static const char *snapshot_hash = CONFIG_SNAPSHOT_SIG_HASH;
+
+static int pkey_hash(void)

So, there doesn't have any ifdef block derived from this new config.


Thanks a lot!
Joey Lee

^ permalink raw reply

* Re: [PATCH 17/18] Hibernate: introduced SNAPSHOT_SIG_HASH config for select hash algorithm
From: joeyli @ 2013-08-27 10:22 UTC (permalink / raw)
  To: Pavel Machek
  Cc: linux-kernel-u79uwXL29TY76Z2rM5mHXA,
	linux-security-module-u79uwXL29TY76Z2rM5mHXA,
	linux-efi-u79uwXL29TY76Z2rM5mHXA, linux-pm-u79uwXL29TY76Z2rM5mHXA,
	linux-crypto-u79uwXL29TY76Z2rM5mHXA,
	opensuse-kernel-stAJ6ESoqRxg9hUCZPvPmw, David Howells,
	Rafael J. Wysocki, Matthew Garrett, Len Brown, Josh Boyer,
	Vojtech Pavlik, Matt Fleming, James Bottomley, Greg KH,
	JKosina-IBi9RG/b67k, Rusty Russell, Herbert Xu, David S. Miller,
	H. Peter Anvin, Michal Marek, Gary Lin, Vivek Goyal
In-Reply-To: <20130825164329.GL5171-tWAi6jLit6GreWDznjuHag@public.gmane.org>

於 日,2013-08-25 於 18:43 +0200,Pavel Machek 提到:
> On Thu 2013-08-22 19:01:56, Lee, Chun-Yi wrote:
> > This patch introduced SNAPSHOT_SIG_HASH config for user to select which
> > hash algorithm will be used during signature generation of snapshot.
> > 
> > v2:
> > Add define check of oCONFIG_SNAPSHOT_VERIFICATION in snapshot.c before
> > declare pkey_hash().
> > 
> > Reviewed-by: Jiri Kosina <jkosina-AlSwsSmVLrQ@public.gmane.org>
> > Signed-off-by: Lee, Chun-Yi <jlee-IBi9RG/b67k@public.gmane.org>
> > ---
> >  kernel/power/Kconfig    |   46 ++++++++++++++++++++++++++++++++++++++++++++++
> >  kernel/power/snapshot.c |   27 ++++++++++++++++++++++-----
> >  2 files changed, 68 insertions(+), 5 deletions(-)
> > 
> > diff --git a/kernel/power/Kconfig b/kernel/power/Kconfig
> > index b592d88..79b34fa 100644
> > --- a/kernel/power/Kconfig
> > +++ b/kernel/power/Kconfig
> > @@ -78,6 +78,52 @@ config SNAPSHOT_VERIFICATION
> >  	  dependent on UEFI environment. EFI bootloader should generate the
> >  	  key-pair.
> >  
> > +choice
> > +	prompt "Which hash algorithm should snapshot be signed with?"
> > +        depends on SNAPSHOT_VERIFICATION
> > +        help
> > +          This determines which sort of hashing algorithm will be used during
> > +          signature generation of snapshot. This algorithm _must_ be built into
> > +	  the kernel directly so that signature verification can take place.
> > +	  It is not possible to load a signed snapshot containing the algorithm
> > +	  to check the signature on that module.
> 
> Like if 1000 ifdefs you already added to the code are not enough, you
> make some new ones?
> 									Pavel
> 

This SNAPSHOT_SIG_HASH kernel config is to select which SHA algorithms
used for generate digest of snapshot. The configuration will captured by
a const char* in code:

+static const char *snapshot_hash = CONFIG_SNAPSHOT_SIG_HASH;
+
+static int pkey_hash(void)

So, there doesn't have any ifdef block derived from this new config.


Thanks a lot!
Joey Lee

^ permalink raw reply

* Re: [PATCH 17/18] Hibernate: introduced SNAPSHOT_SIG_HASH config for select hash algorithm
From: joeyli @ 2013-08-27 10:22 UTC (permalink / raw)
  To: Pavel Machek
  Cc: linux-kernel, linux-security-module, linux-efi, linux-pm,
	linux-crypto, opensuse-kernel, David Howells, Rafael J. Wysocki,
	Matthew Garrett, Len Brown, Josh Boyer, Vojtech Pavlik,
	Matt Fleming, James Bottomley, Greg KH, JKosina, Rusty Russell,
	Herbert Xu, David S. Miller, H. Peter Anvin, Michal Marek,
	Gary Lin, Vivek Goyal
In-Reply-To: <20130825164329.GL5171@amd.pavel.ucw.cz>

於 日,2013-08-25 於 18:43 +0200,Pavel Machek 提到:
> On Thu 2013-08-22 19:01:56, Lee, Chun-Yi wrote:
> > This patch introduced SNAPSHOT_SIG_HASH config for user to select which
> > hash algorithm will be used during signature generation of snapshot.
> > 
> > v2:
> > Add define check of oCONFIG_SNAPSHOT_VERIFICATION in snapshot.c before
> > declare pkey_hash().
> > 
> > Reviewed-by: Jiri Kosina <jkosina@suse.cz>
> > Signed-off-by: Lee, Chun-Yi <jlee@suse.com>
> > ---
> >  kernel/power/Kconfig    |   46 ++++++++++++++++++++++++++++++++++++++++++++++
> >  kernel/power/snapshot.c |   27 ++++++++++++++++++++++-----
> >  2 files changed, 68 insertions(+), 5 deletions(-)
> > 
> > diff --git a/kernel/power/Kconfig b/kernel/power/Kconfig
> > index b592d88..79b34fa 100644
> > --- a/kernel/power/Kconfig
> > +++ b/kernel/power/Kconfig
> > @@ -78,6 +78,52 @@ config SNAPSHOT_VERIFICATION
> >  	  dependent on UEFI environment. EFI bootloader should generate the
> >  	  key-pair.
> >  
> > +choice
> > +	prompt "Which hash algorithm should snapshot be signed with?"
> > +        depends on SNAPSHOT_VERIFICATION
> > +        help
> > +          This determines which sort of hashing algorithm will be used during
> > +          signature generation of snapshot. This algorithm _must_ be built into
> > +	  the kernel directly so that signature verification can take place.
> > +	  It is not possible to load a signed snapshot containing the algorithm
> > +	  to check the signature on that module.
> 
> Like if 1000 ifdefs you already added to the code are not enough, you
> make some new ones?
> 									Pavel
> 

This SNAPSHOT_SIG_HASH kernel config is to select which SHA algorithms
used for generate digest of snapshot. The configuration will captured by
a const char* in code:

+static const char *snapshot_hash = CONFIG_SNAPSHOT_SIG_HASH;
+
+static int pkey_hash(void)

So, there doesn't have any ifdef block derived from this new config.


Thanks a lot!
Joey Lee


^ permalink raw reply


This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox