| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20130926122210.GA30225@suse.cz> Date: Thu, 26 Sep 2013 14:22:10 +0200 From: Vojtech Pavlik <vojtech@...e.cz> To: Pavel Machek <pavel@....cz> Cc: joeyli <jlee@...e.com>, Alan Stern <stern@...land.harvard.edu>, David Howells <dhowells@...hat.com>, linux-kernel@...r.kernel.org, linux-security-module@...r.kernel.org, linux-efi@...r.kernel.org, linux-pm@...r.kernel.org, linux-crypto@...r.kernel.org, opensuse-kernel@...nsuse.org, "Rafael J. Wysocki" <rjw@...k.pl>, Matthew Garrett <mjg59@...f.ucam.org>, Len Brown <len.brown@...el.com>, Josh Boyer <jwboyer@...hat.com>, Matt Fleming <matt.fleming@...el.com>, James Bottomley <james.bottomley@...senpartnership.com>, Greg KH <gregkh@...uxfoundation.org>, JKosina@...e.com, Rusty Russell <rusty@...tcorp.com.au>, Herbert Xu <herbert@...dor.hengli.com.au>, "David S. Miller" <davem@...emloft.net>, "H. Peter Anvin" <hpa@...or.com>, Michal Marek <mmarek@...e.cz>, Gary Lin <GLin@...e.com>, Vivek Goyal <vgoyal@...hat.com> Subject: Re: [RFC V4 PATCH 00/15] Signature verification of hibernate snapshot On Thu, Sep 26, 2013 at 02:06:21PM +0200, Pavel Machek wrote: > > For the symmetric key solution, I will try HMAC (Hash Message > > Authentication Code). It's already used in networking, hope the > > performance is not too bad to a big image. > > Kernel already supports crc32 of the hibernation image, you may want > to take a look how that is done. > > Maybe you want to replace crc32 with cryptographics hash (sha1?) and > then use only hash for more crypto? That way speed of whatever crypto > you do should not be an issue. Well, yes, one could skip the CRC when the signing is enabled to gain a little speedup. > Actually... > > Is not it as simple as storing hash of hibernation image into NVRAM > and then verifying the hash matches the value in NVRAM on next > startup? No encryption needed. First, there is no encryption going on. Only doing a HMAC (digest (hash) using a key) of the image. Second, since NVRAM is accessible through efivarsfs, storing the hash in NVRAM wouldn't prevent an attacker from modifying the hash to match a modified image. There is a reason why the key for the HMAC is stored in the NVRAM in a BootServices variable that isn't accessible from the OS and is write-protected on hardware level from the OS. > And that may even be useful for non-secure-boot people, as it ensures > you boot right image after resume, boot it just once, etc... The HMAC approach isn't much more complicated, and it gives you all these benefits even with secure boot disabled. -- Vojtech Pavlik Director SUSE Labs -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists