[opensuse-factory] Re: UEFI Secure Boot and hibernation

19 Feb 2020

      On Tue, Feb 18, 2020 at 11:59 PM joeyli <jlee@suse.com> wrote:
...
On Tue, Feb 18, 2020 at 11:16:25PM -0700, Chris Murphy wrote:

...
...
Thanks for the update. Is the expectation that the authentication will
require a TPM?
The hibernate snapshot image should be encrypted by a AE mode (Authenticated
Encryption) like AES-GCM as Andy Lutomirski's suggestion.
   https://lkml.org/lkml/2019/1/9/828
Then the key of AES-GCM must be sealed by TPM with appropriate PCR registers for
localities with the runtime kernel. Then the sealed key chunk must be attached
on hibernation header with snapshot image.
The above is what I think for next version.
Do you think it's necessary to encrypt and sign swap (page outs)? If
an attacker could inject something malicious into the hibernation
image, why not inject it into pages in swap? For example:

Hibernation (apparently) can silently fail if > 50% of RAM is used;
but the intention is that some mechanism (whether kernel or
user-space) needs to free up enough RAM so that the hibernation image
can be created.
https://marc.info/?l=linux-kernel&m=157177497015315

In my experience, upon issuing:

# echo reboot > /sys/power/disk
# echo disk > /sys/power/state

I see considerable page outs to the swap partition, prior to
hibernation entry. Upon resume, those pages in swap are still valid.
Is there a reason why they wouldn't be exploitable?

Maybe it's a more suitable subject for discussion on linux-pm@ list?

-- 
Chris Murphy
-- 
To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org
To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

Chris Murphy

Oliver Neukum

Oliver Neukum

tags

participants (2)