On Fri, 2013-08-09 at 06:12 +0100, Matthew Garrett wrote:
On Fri, Aug 09, 2013 at 12:37:37PM +0800, Lee, Chun-Yi wrote:
+ When machine resume from hibernate: - EFI bootloader should copy the public key from boottime variable to S4WakeKey EFI variable. - Bootloader need generated a new key-pair for next round S4 usage. It should put new privat ekey to S4SignKey variable.
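Review bot: the description has the bootloader generate a new key pair and write S4SignKey on every resume from hibernate, which is the per-boot variable write the reply below raises as a vendor concern; the text should also state which attributes S4SignKey and S4WakeKey carry (boot-services-only or runtime-accessible), since that is what decides whether a later-booted OS can read the private key. Typo: "privat ekey" should read "private key".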
So, first, this is brilliant. Thank you for putting the work into this.
Thanks for your quick response!
The only potential problem is the generation of a new key pair on every reboot. Some hardware vendors have expressed concerns about writing variables on every boot, so if we can avoid that somehow then life would probably be better.
Are they concerned about the lifetime of the flash memory, or about bricking the machine because garbage collection doesn't trigger?
Options for that would seem to be (1) set a flag on S4 and only regenerate keys if that flag has been set (although I need to think about the security considerations of that), or (2) use a magic GUID space that all kernels (including Windows) refuse to expose to userspace. (2) is obviously conditional upon Microsoft, but let's have a chat with them to see if there's already some special-casing in Windows. It wouldn't surprise me.
I discussed with Gary the behaviour for triggering key-pair regeneration in shim. There is another idea: the kernel loads the S4 sign key (private key) from a boot-time variable before it calls ExitBootServices(). In this case, shim doesn't need to put the private key into an NV-runtime variable, so no other OS could access the key except during the window before ExitBootServices(). And we write a tag when hibernating to tell shim to regenerate the key pair for the next round of S4. But the above approach means the S4 signature check function is limited to the EFI stub kernel. Users cannot enable this function without using the EFI stub.
I'll review the rest of these over the next few days. I've been gradually merging in the shim changes to upstream, so do feel free to send me a pull request for the S4 stuff there, too.
-- Matthew Garrett | mjg59@srcf.ucam.org
Thanks for taking the time to review!

Joey Lee
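The exchange above turns on where the S4 key material lives and who can read it after ExitBootServices(). The following is a constructed model of that flow, added here as an example; it is not code from shim, from the kernel patch, or from either author. It simulates an EFI variable store with boot-time-only and runtime-visible variables, a shim that regenerates the S4 key pair only when the kernel left a tag at hibernate time (Matthew's option (1)), and an EFI-stub kernel that captures the private key before ExitBootServices() (Joey's proposal). S4SignKey and S4WakeKey are the variable names from the patch; S4RegenerateTag and S4NextWakeKey are names assumed for this example, and Ed25519 stands in for whatever key type the real patch uses.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

const (
	bootTimeOnly   = iota // hidden from the OS after ExitBootServices()
	runtimeVisible        // readable by any OS through runtime services
)

// varStore is a constructed stand-in for firmware NV variable storage.
type varStore struct {
	data         map[string][]byte
	attr         map[string]int
	bootServices bool // true from power-on until ExitBootServices()
	nvWrites     int  // each write hits flash, the vendor concern in the thread
}

func newStore() *varStore { return &varStore{data: map[string][]byte{}, attr: map[string]int{}, bootServices: true} }

func (s *varStore) set(name string, attr int, v []byte) {
	s.data[name], s.attr[name] = append([]byte(nil), v...), attr
	s.nvWrites++
}

func (s *varStore) get(name string) ([]byte, error) {
	v, ok := s.data[name]
	if !ok {
		return nil, fmt.Errorf("%s: not found", name)
	}
	if s.attr[name] == bootTimeOnly && !s.bootServices {
		return nil, fmt.Errorf("%s: hidden after ExitBootServices()", name)
	}
	return v, nil
}

// shimBoot models the bootloader: NV is written only on first boot or when the kernel set
// S4RegenerateTag at hibernate (option (1) in the reply); this and S4NextWakeKey are assumed names.
func shimBoot(s *varStore) error {
	_, haveKey := s.data["S4SignKey"]
	if tag, _ := s.get("S4RegenerateTag"); haveKey && len(tag) == 0 {
		return nil // ordinary boot: no variable write at all
	}
	if prevPub, err := s.get("S4NextWakeKey"); err == nil {
		s.set("S4WakeKey", runtimeVisible, prevPub) // matches last round's signature
	}
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return err
	}
	s.set("S4SignKey", bootTimeOnly, priv)    // private key never visible at runtime
	s.set("S4NextWakeKey", bootTimeOnly, pub) // becomes S4WakeKey next round
	s.set("S4RegenerateTag", runtimeVisible, nil)
	return nil
}

// bootKernel models an EFI-stub kernel: read the private key, then ExitBootServices().
func bootKernel(s *varStore) (ed25519.PrivateKey, error) {
	priv, err := s.get("S4SignKey")
	if err != nil {
		return nil, err
	}
	s.bootServices = false // ExitBootServices(): boot-time variables go dark
	return ed25519.PrivateKey(priv), nil
}

// hibernate signs the image digest and asks shim for a fresh pair next boot.
func hibernate(s *varStore, priv ed25519.PrivateKey, image []byte) []byte {
	d := sha256.Sum256(image)
	s.set("S4RegenerateTag", runtimeVisible, []byte{1})
	return ed25519.Sign(priv, d[:])
}

// verifyResume is the resuming kernel's check; it needs only S4WakeKey.
func verifyResume(s *varStore, image, sig []byte) (bool, error) {
	pub, err := s.get("S4WakeKey")
	if err != nil {
		return false, err
	}
	d := sha256.Sum256(image)
	return ed25519.Verify(ed25519.PublicKey(pub), d[:], sig), nil
}

func main() {
	s, img := newStore(), []byte("constructed hibernation image")
	_ = shimBoot(s)
	priv, _ := bootKernel(s)
	sig := hibernate(s, priv, img)
	s.bootServices = true // power back on; the tag makes shim rotate the pair
	_ = shimBoot(s)
	_, _ = bootKernel(s)
	ok, _ := verifyResume(s, img, sig)
	_, leak := s.get("S4SignKey")
	fmt.Println("image verified:", ok, "| private key readable after EBS:", leak == nil)
}
```

Running the cycle shows the two properties the thread is after: the resuming kernel verifies the image using only the runtime-visible S4WakeKey, and once ExitBootServices() has run the private key in S4SignKey is no longer readable by any OS. The cost model is also visible in nvWrites: the regenerate tag costs one runtime write per hibernate, and a boot that follows a normal shutdown performs no variable write, which is the point of option (1) over regenerating on every boot.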