On Wed, 25 Sep 2013, James Bottomley wrote:
I don't get this. Why is it important that current kernel can't recreate the signature?
The thread model is an attack on the saved information (i.e. the suspend image) between it being saved by the old kernel and used by the new one. The important point isn't that the new kernel doesn't have access to K_{N-1} it's that no-one does: the key is destroyed as soon as the old kernel terminates however the verification public part P_{N-1} survives.
James, could you please describe the exact scenario you think that the symmetric keys aproach doesn't protect against, while the assymetric key aproach does? The crucial points, which I believe make the symmetric key aproach work (and I feel quite embarassed by the fact that I haven't realized this initially when coming up with the assymetric keys aproach) are: - the kernel that is performing the actual resumption is trusted in the secure boot model, i.e. you trust it to perform proper verification - potentially malicious userspace (which is what we are protecting against -- malicious root creating fake hibernation image and issuing reboot) doesn't have access to the symmetric key -- Jiri Kosina SUSE Labs -- To unsubscribe, e-mail: opensuse-kernel+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-kernel+owner@opensuse.org