[opensuse-kernel] [RFC PATCH 00/18 v2] Signature verification of hibernate snapshot
Hi experts,

This patchset is the implementation of signature verification for the hibernate
snapshot image. The original idea is from Jiri Kosina: let the EFI bootloader
generate a key-pair in the UEFI secure boot environment, then pass it to the kernel
for signing/verifying the S4 image.

Because there is a potential threat from a hacked S4 image, it may cause
SUSE to lose trust in UEFI secure boot. The hacker attacks the S4 snapshot
image in the swap partition through whatever exploit from another trusted OS,
and the exploit may not need physical access to the machine.

So, this patchset gives the kernel the ability to parse the RSA key-pair
from the EFI bootloader, then use the private key to generate the signature
of the S4 snapshot image. The kernel puts the signature in the snapshot header, then
verifies the signature when the kernel tries to restore the snapshot image to memory.

==============
How To Enable
==============

Enable the CONFIG_SNAPSHOT_VERIFICATION kernel config. You can also
choose which hash algorithm the snapshot should be signed with. Then rebuild the
kernel.

Please note this function needs the UEFI bootloader to generate the key-pair in the UEFI
secure boot environment, e.g. shim. The current shim implementation is by Gary Lin:
https://build.opensuse.org/package/show/home:gary_lin:UEFI/shim

Please use the shim from the above URL if you want to try it. And please
remember to add this shim to db in UEFI because it is not signed by the SUSE or
Microsoft key.

=========
Behavior
=========

The RSA key-pair is generated by the EFI bootloader (e.g. shim) in the UEFI secure
boot environment, so currently this function is bound to EFI secure boot being
enabled. The kernel behavior is:

+ UEFI Secure Boot ON, kernel finds the key-pair from shim:
The kernel will do the S4 signature check.

+ UEFI Secure Boot ON, kernel does not find the key-pair from shim:
The kernel will lock down the S4 function.

+ UEFI Secure Boot OFF:
The kernel will disable the S4 signature check,
and ignore any keys from the EFI bootloader.

On the EFI bootloader side, the behavior is as follows:

+ First, the kernel will check the following 2 EFI variables:
S4SignKey-fe141863-c070-478e-b8a3-878a5dc9ef21 [Runtime][Non-Volatile]
S4WakeKey-fe141863-c070-478e-b8a3-878a5dc9ef21 [Runtime][Volatile]

S4SignKey and S4WakeKey are an RSA key-pair:
- S4SignKey is a private key that is used to generate the signature of the S4
snapshot.
The blob format of S4SignKey is PKCS#8; it should package an RSA
private key that follows PKCS#1.

- S4WakeKey is a public key that is used to verify the signature of the S4
snapshot.
The blob format of S4WakeKey is X.509; it should package an RSA
public key that follows PKCS#1.

+ The EFI bootloader must generate an RSA key-pair when the system boots:
- The bootloader stores the public key in an EFI boottime variable by itself.
- The bootloader puts the private key in the S4SignKey EFI variable to forward it to
the kernel.

+ The kernel will load the S4SignKey blob into RAM when booting and delete it
immediately. This private key will sign the snapshot at S4.

+ When the machine resumes from hibernate:
- The EFI bootloader should copy the public key from the boottime variable to the
S4WakeKey EFI variable.
- The bootloader needs to generate a new key-pair for the next round of S4 usage.
It should put the new private key in the S4SignKey variable.

==============
Implementation
==============

The whole implementation includes 3 parts: shim, asymmetric keys and hibernate:

+ shim:
The current solution is implemented by Gary Lin:
https://build.opensuse.org/package/show/home:gary_lin:UEFI/shim

Please use the shim from the above URL if you want to try it. And please
remember to add this shim to db because it is not signed by the SUSE or Microsoft
key.

+ Asymmetric keys:
This patchset implements a PKCS#8 and RSA private key parser; it also
implements the signature verification operation of RSASSA-PKCS1-v1_5 in the
PKCS#1 spec. [RFC3447 sec 8.2.2]
Setting CONFIG_PKCS8_PRIVATE_KEY_INFO_PARSER=y will give the kernel the abilities
to parse the private key and verify the signature.

+ Hibernate:
Setting CONFIG_SNAPSHOT_VERIFICATION=y will enable the function of
snapshot signature generation and verification. We reserved 512 bytes
in the snapshot header for storing the signature that is generated from
the digest with the SHA256 algorithm.
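The signing and verification path the "Asymmetric keys" and "Hibernate" items describe, as an added example written for this page (not code from the patchset, shim or the kernel): RSASSA-PKCS1-v1_5 over a SHA-256 digest, built from EMSA-PKCS1-v1_5 encoding, OS2IP/I2OSP and RSASP1/RSAVP1 as in RFC 3447. The function names, the Miller-Rabin key generator (standing in for the key-pair shim creates at boot) and the sample image are assumptions of this example; the PKCS#8 and X.509 blobs that carry the keys through the EFI variables are not modelled.

```python
import hashlib
import hmac
import secrets

# DER DigestInfo prefix for SHA-256 (RFC 3447 sec 9.2 note 1); the hash goes right after it
SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")
def i2osp(x, k):  # integer -> k big-endian octets (RFC 3447 sec 4.1)
    return x.to_bytes(k, "big")
def os2ip(octets):  # octet string -> integer (RFC 3447 sec 4.2)
    return int.from_bytes(octets, "big")
def is_probable_prime(n, rounds=32):  # Miller-Rabin; only used by the constructed key generator
    small = (2, 3, 5, 7, 11, 13)
    if n < 2 or any(n % p == 0 for p in small):
        return n in small
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True
def gen_keypair(bits, e=65537):  # assumption: stands in for the key-pair shim generates at boot
    def prime(nbits):
        while True:
            c = secrets.randbits(nbits) | (3 << (nbits - 2)) | 1  # top two bits set so n has `bits` bits
            if (c - 1) % e and is_probable_prime(c):  # e is prime, so this gives gcd(e, c-1) == 1
                return c
    p, q = prime(bits // 2), prime(bits // 2)
    return p * q, e, pow(e, -1, (p - 1) * (q - 1))  # (n, e, d)
def emsa_pkcs1_v15_encode(message, em_len):  # EMSA-PKCS1-v1_5 with SHA-256 (RFC 3447 sec 9.2)
    t = SHA256_DIGESTINFO + hashlib.sha256(message).digest()
    if em_len < len(t) + 11:
        raise ValueError("intended encoded message length too short")
    return b"\x00\x01" + b"\xff" * (em_len - len(t) - 3) + b"\x00" + t
def sign_snapshot(n, d, image):  # RSASSA-PKCS1-v1_5 sign (sec 8.2.1): encode, OS2IP, RSASP1, I2OSP
    k = (n.bit_length() + 7) // 8  # signature length in bytes: 512 for a 4096-bit key
    return i2osp(pow(os2ip(emsa_pkcs1_v15_encode(image, k)), d, n), k)
def verify_snapshot(n, e, image, signature):  # verify (sec 8.2.2): RSAVP1, then compare encodings
    k = (n.bit_length() + 7) // 8
    if len(signature) != k:
        return False
    em = i2osp(pow(os2ip(signature), e, n), k)
    return hmac.compare_digest(em, emsa_pkcs1_v15_encode(image, k))
```

With a 4096-bit key the signature is exactly the 512 bytes reserved in the snapshot header; the pure-Python key generator is slow at that size, so try a smaller key first.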

To adapt the S4 signature check to secure boot, I have ported 3 patches from the
Fedora kernel to openSUSE; the authors are Josh Boyer and Matthew Garrett. I also
added Cc. to them.

Please help review this RFC patchset! Any comments are appreciated!



Josh Boyer (1):
Secure boot: Add a dummy kernel parameter that will switch on Secure
Boot mode

Lee, Chun-Yi (15):
asymmetric keys: add interface and skeleton for implement signature
generation
asymmetric keys: implement EMSA_PKCS1-v1_5-ENCODE in rsa
asymmetric keys: separate the length checking of octet string from
RSA_I2OSP
asymmetric keys: implement OS2IP in rsa
asymmetric keys: implement RSASP1
asymmetric keys: support parsing PKCS #8 private key information
asymmetric keys: explicitly add the leading zero byte to encoded
message
Hibernate: introduced RSA key-pair to verify signature of snapshot
Hibernate: generate and verify signature of snapshot
Hibernate: Avoid S4 sign key data included in snapshot image
Hibernate: fix the race condition of remove S4 sign key
Hibernate: applied SNAPSHOT_VERIFICATION config to switch signature
check
Hibernate: adapt to UEFI secure boot with signature check
Hibernate: show the verification time for monitor performance
Hibernate: introduced SNAPSHOT_SIG_HASH config for select hash
algorithm

Matthew Garrett (2):
Secure boot: Add new capability
efi: Enable secure boot lockdown automatically when enabled in
firmware

Documentation/kernel-parameters.txt | 7 +
Documentation/x86/zero-page.txt | 2 +
arch/x86/boot/compressed/eboot.c | 32 +++
arch/x86/include/asm/bootparam_utils.h | 8 +-
arch/x86/include/uapi/asm/bootparam.h | 3 +-
arch/x86/kernel/setup.c | 7 +
crypto/asymmetric_keys/Kconfig | 11 +
crypto/asymmetric_keys/Makefile | 16 ++
crypto/asymmetric_keys/pkcs8.asn1 | 19 ++
crypto/asymmetric_keys/pkcs8_info_parser.c | 152 ++++++++++++++
crypto/asymmetric_keys/pkcs8_parser.h | 23 ++
crypto/asymmetric_keys/pkcs8_private_key.c | 148 ++++++++++++++
crypto/asymmetric_keys/pkcs8_rsakey.asn1 | 29 +++
crypto/asymmetric_keys/private_key.h | 29 +++
crypto/asymmetric_keys/public_key.c | 32 +++
crypto/asymmetric_keys/rsa.c | 283 +++++++++++++++++++++++++--
crypto/asymmetric_keys/signature.c | 28 +++
include/crypto/public_key.h | 28 +++
include/keys/asymmetric-subtype.h | 6 +
include/linux/cred.h | 2 +
include/linux/efi.h | 1 +
include/uapi/linux/capability.h | 6 +-
kernel/cred.c | 17 ++
kernel/power/Kconfig | 62 ++++++-
kernel/power/Makefile | 1 +
kernel/power/hibernate.c | 42 ++++
kernel/power/hibernate_keys.c | 262 ++++++++++++++++++++++++
kernel/power/main.c | 11 +-
kernel/power/power.h | 27 +++
kernel/power/snapshot.c | 299 +++++++++++++++++++++++++++-
kernel/power/swap.c | 18 ++
kernel/power/user.c | 24 +++
32 files changed, 1611 insertions(+), 24 deletions(-)
create mode 100644 crypto/asymmetric_keys/pkcs8.asn1
create mode 100644 crypto/asymmetric_keys/pkcs8_info_parser.c
create mode 100644 crypto/asymmetric_keys/pkcs8_parser.h
create mode 100644 crypto/asymmetric_keys/pkcs8_private_key.c
create mode 100644 crypto/asymmetric_keys/pkcs8_rsakey.asn1
create mode 100644 crypto/asymmetric_keys/private_key.h
create mode 100644 kernel/power/hibernate_keys.c
