Am Mittwoch, den 19.02.2020, 14:04 -0700 schrieb Chris Murphy:
Do you think it's necessary to encrypt and sign swap (page outs)? If an attacker could inject something malicious into the hibernation image, why not inject it into pages in swap? For example:
The kernel swaps only anonymous user space pages. The mission of Secure Boot is to protect kernel space even from root. Hence only pages of kernel space need to be protected. The only time they are read from disk is during resumption from STD. The problem you identified exists and if you want to fix it you indeed need to encrypt swap, but it is independent (albeit similar) to STD. Regards Oliver -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org