On Tue, Feb 18, 2020 at 11:59 PM joeyli <jlee@suse.com> wrote:

On Tue, Feb 18, 2020 at 11:16:25PM -0700, Chris Murphy wrote:

...

Thanks for the update. Is the expectation that the authentication will require a TPM?

The hibernate snapshot image should be encrypted by a AE mode (Authenticated Encryption) like AES-GCM as Andy Lutomirski's suggestion. https://lkml.org/lkml/2019/1/9/828

Then the key of AES-GCM must be sealed by TPM with appropriate PCR registers for localities with the runtime kernel. Then the sealed key chunk must be attached on hibernation header with snapshot image.

The above is what I think for next version.

Do you think it's necessary to encrypt and sign swap (page outs)? If an attacker could inject something malicious into the hibernation image, why not inject it into pages in swap? For example: Hibernation (apparently) can silently fail if > 50% of RAM is used; but the intention is that some mechanism (whether kernel or user-space) needs to free up enough RAM so that the hibernation image can be created. https://marc.info/?l=linux-kernel&m=157177497015315 In my experience, upon issuing: # echo reboot > /sys/power/disk # echo disk > /sys/power/state I see considerable page outs to the swap partition, prior to hibernation entry. Upon resume, those pages in swap are still valid. Is there a reason why they wouldn't be exploitable? Maybe it's a more suitable subject for discussion on linux-pm@ list? -- Chris Murphy -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org