lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20150318132450.GA2370@linux-rxt1.site>
Date:	Wed, 18 Mar 2015 21:24:50 +0800
From:	joeyli <jlee@...e.com>
To:	Jiri Kosina <jkosina@...e.cz>
Cc:	Matthew Garrett <matthew.garrett@...ula.com>,
	"gnomes@...rguk.ukuu.org.uk" <gnomes@...rguk.ukuu.org.uk>,
	"keescook@...omium.org" <keescook@...omium.org>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	"james.l.morris@...cle.com" <james.l.morris@...cle.com>,
	"serge@...lyn.com" <serge@...lyn.com>,
	"linux-security-module@...r.kernel.org" 
	<linux-security-module@...r.kernel.org>,
	"hpa@...or.com" <hpa@...or.com>
Subject: Re: Trusted kernel patchset

On Mon, Mar 16, 2015 at 10:54:54PM +0100, Jiri Kosina wrote:
> On Mon, 16 Mar 2015, Matthew Garrett wrote:
> 
> > > - All suspend/resumes allow modifying the kernel. I can boot Linux
> > >   suspend, boot windows, modify the Linux restore image, boot Linux and
> > >   own the box. You would need to sign the resume image somehow I think or
> > >   just disable all suspend/resume
> > 
> > I'm kind of torn on this - yes, there are deployment scenarios where
> > hibernation can be used to circumvent the restrictions, but there are
> > also scenarios where that can be avoided (eg, the bootloader verifies
> > some state with respect to the hibernation image).
> 
> [ adding Joey to CC ]
> 
> Just for completness -- there is a way around this:
> 
> 	https://lkml.org/lkml/2013/9/14/183
> 
> The series is not really the optimal one, as Alan Stern later figured out 
> that symmetric cryptography is strong enough to achieve the same goal, but 
> I am not sure whether Joey implemented that idea already.
> 
> -- 
> Jiri Kosina
> SUSE Labs

About the symmetric key edition, I developed a prototype the codes on github
are ugly and still need clear up. But it works for using HMAC to generate
signature and verify hibernate image.

There still has a situation need to solve:
 
There doesn't have enough random entropy for the FIRST TIME boot to generate
HMAC key in EFI stub.

And, I need implement a hash function in EFI stub, at least SHA1, to mess
entropies from difference sources (rdtsc, RdRand... not too many) for generating
new HMAC key. An other idea is sending a random seed from runtime random pool to
boot time to be one of the seed of next HMAC key.


Joey Lee
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ