On Fri, 2013-08-09 at 09:53 +0200, Jiri Kosina wrote:
On Fri, 9 Aug 2013, Lee, Chun-Yi wrote:
Hi experts,
This patchset is the implementation for signature verification of the hibernate snapshot image. The original idea is from Jiri Kosina: Let the EFI bootloader generate a key-pair in the UEFI secure boot environment, then pass it to the kernel to sign/verify the S4 image.
Because there is a potential threat from a hacked S4 image, it may cause SUSE to lose the trust in UEFI secure boot. The hacker attacks the S4 snapshot image in the swap partition through whatever exploit from another trusted OS, and the exploit may not need physical access to the machine.
So, this patchset gives the kernel the ability to parse the RSA key-pair from the EFI bootloader, then use the private key to generate the signature of the S4 snapshot image. The kernel puts the signature in the snapshot header, then verifies the signature when the kernel tries to recover the snapshot image to memory.
Joey,
thanks a lot for all the efforts, good job. I have finally finished going through all this. Please feel free to add
Reviewed-by: Jiri Kosina
-- Jiri Kosina SUSE Labs
Thanks a lot for your review!
Joey Lee