linux-pm.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Oliver Neukum <oneukum@suse.com>
To: Yu Chen <yu.c.chen@intel.com>
Cc: Pavel Machek <pavel@ucw.cz>,
	"Rafael J . Wysocki" <rafael.j.wysocki@intel.com>,
	Eric Biggers <ebiggers@google.com>,
	"Lee, Chun-Yi" <jlee@suse.com>, Theodore Ts o <tytso@mit.edu>,
	Stephan Mueller <smueller@chronox.de>,
	Denis Kenzior <denkenz@gmail.com>,
	linux-pm@vger.kernel.org, linux-crypto@vger.kernel.org,
	linux-kernel@vger.kernel.org, "Gu, Kookoo" <kookoo.gu@intel.com>,
	"Zhang, Rui" <rui.zhang@intel.com>
Subject: Re: [PATCH 0/4][RFC v2] Introduce the in-kernel hibernation encryption
Date: Mon, 06 Aug 2018 12:20:20 +0200	[thread overview]
Message-ID: <1533550820.15815.14.camel@suse.com> (raw)
In-Reply-To: <20180806075754.GA12124@chenyu-desktop>

On Mo, 2018-08-06 at 15:57 +0800, Yu Chen wrote:
> Hi Oliver,
> On Thu, Jul 26, 2018 at 09:30:46AM +0200, Oliver Neukum wrote:
> > On Di, 2018-07-24 at 00:23 +0800, Yu Chen wrote:
> > > 
> > > Good point, we once tried to generate key in kernel, but people
> > > suggest to generate key in userspace and provide it to the
> > > kernel, which is what ecryptfs do currently, so it seems this
> > > should also be safe for encryption in kernel.
> > > https://www.spinics.net/lists/linux-crypto/msg33145.html
> > > Thus Chun-Yi's signature can use EFI key and both the key from
> > > user space.
> > 
> > Hi,
> > 
> > ecryptfs can trust user space. It is supposed to keep data
> > safe while the system is inoperative.
> 
> Humm, I did not quite get the point here, let's take fscrypt

While the system is running and the fs is mounted, your data
is as secure as root access to your machine, right? You encrypt
a disk primarily so data cannot be recovered (and altered) while
the system is not running.

Secure Boot does not trust root fully. There is a cryptographic
chain of trust and user space is not part of it.

> for example, the kernel gets user generated key from user space,
> and uses per-inode nonce(random bytes) as the master key to
> do a KDF(key derivation function) on user provided key, and uses
> that key for encryption. We can also added similar mechanism
> to generate the key in kernel space but the key should be
> original from user's provided key(password derived), because
> the security boot/signature mechanism could not cover the case
> that, two different users could resume to each other's context
> because there isn't any certification during resume if it is
> on the same physical hardware.

Please explain. You will always have to suspend the whole machine
with all tasks of all users. And STD with Secure Boot need not
imply that you encrypt your discs. You need to encrypt only
kernel memory to meet the requirements.

As STD affects the whole machine it must require root rights.
So I cannot see how you can talk about a session belonging
to a user. Please explain.

It seems to me that you can in theory encrypt the password
by a key coming from user space, so that you need to know
an additional key to resume the system, but that seems to me
above and beyond what Secure Boot requires.

	Regards
		Oliver

  parent reply	other threads:[~2018-08-06 10:20 UTC|newest]

Thread overview: 53+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-07-18 16:38 [PATCH 0/4][RFC v2] Introduce the in-kernel hibernation encryption Chen Yu
2018-07-18 16:39 ` [PATCH 1/4][RFC v2] PM / Hibernate: Add helper functions for " Chen Yu
2018-07-18 16:39 ` [PATCH 2/4][RFC v2] PM / hibernate: Install crypto hooks " Chen Yu
2018-07-18 16:40 ` [PATCH 4/4][RFC v2] tools: create power/crypto utility Chen Yu
2018-07-18 20:22 ` [PATCH 0/4][RFC v2] Introduce the in-kernel hibernation encryption Pavel Machek
2018-07-18 23:58   ` Yu Chen
2018-07-19 11:01     ` Pavel Machek
2018-07-19 13:20       ` Yu Chen
2018-07-20 10:25         ` Pavel Machek
2018-07-23 11:42           ` Oliver Neukum
2018-07-23 12:22             ` Pavel Machek
2018-07-23 16:38               ` Yu Chen
2018-07-24 12:05                 ` Pavel Machek
2018-07-24 11:49               ` Oliver Neukum
2018-07-24 13:04                 ` Pavel Machek
2018-07-23 16:23             ` Yu Chen
2018-07-24 11:40               ` Oliver Neukum
2018-07-24 12:01               ` Pavel Machek
2018-07-24 12:47                 ` Oliver Neukum
2018-07-24 13:03                   ` Pavel Machek
2018-07-24 13:01                     ` Oliver Neukum
2018-07-26  7:30               ` Oliver Neukum
2018-07-26  8:14                 ` joeyli
2018-07-30 17:04                   ` joeyli
2018-08-03  3:37                     ` Yu Chen
2018-08-03  5:34                       ` joeyli
2018-08-03 13:14                         ` Ryan Chen
2018-08-03 14:05                           ` joeyli
2018-08-03 16:09                             ` Ryan Chen
2018-08-03 18:06                               ` joeyli
2018-08-05 10:02                           ` Pavel Machek
2018-08-06  8:45                             ` Yu Chen
2018-08-06 10:39                               ` joeyli
2018-08-07  7:43                                 ` Yu Chen
2018-08-07 16:27                                   ` joeyli
2018-08-08 17:58                                 ` Pavel Machek
2018-08-09  3:43                                   ` Yu Chen
2018-08-09  8:12                                     ` joeyli
2018-08-08 17:50                               ` Pavel Machek
2018-08-09  3:01                                 ` Yu Chen
2018-08-09  6:53                                   ` Pavel Machek
2018-08-09  9:03                                   ` Oliver Neukum
2018-08-09 15:55                                   ` joeyli
2018-08-06  7:57                 ` Yu Chen
2018-08-06  9:48                   ` joeyli
2018-08-06 10:07                     ` Yu Chen
2018-08-06 10:20                   ` Oliver Neukum [this message]
2018-08-07  7:38                     ` Yu Chen
2018-08-07  7:49                       ` Ryan Chen
2018-08-07 10:04                       ` Oliver Neukum
2018-07-24 14:47             ` joeyli
2018-07-19 14:58       ` joeyli
     [not found] ` <edf92acf665b928f02104bb1835fd50723ab9980.1531924968.git.yu.c.chen@intel.com>
2018-07-19  5:32   ` [PATCH 3/4][RFC v2] PM / Hibernate: Encrypt the snapshot pages before submitted to the block device Yu Chen

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1533550820.15815.14.camel@suse.com \
    --to=oneukum@suse.com \
    --cc=denkenz@gmail.com \
    --cc=ebiggers@google.com \
    --cc=jlee@suse.com \
    --cc=kookoo.gu@intel.com \
    --cc=linux-crypto@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-pm@vger.kernel.org \
    --cc=pavel@ucw.cz \
    --cc=rafael.j.wysocki@intel.com \
    --cc=rui.zhang@intel.com \
    --cc=smueller@chronox.de \
    --cc=tytso@mit.edu \
    --cc=yu.c.chen@intel.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).