lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 12 Apr 2017 21:44:57 +0800
From:   joeyli <jlee@...e.com>
To:     poma <pomidorabelisima@...il.com>
Cc:     Jiri Kosina <jikos@...nel.org>,
        "Rafael J. Wysocki" <rafael@...nel.org>,
        David Howells <dhowells@...hat.com>,
        Oliver Neukum <oneukum@...e.com>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        Matthew Garrett <mjg59@...f.ucam.org>,
        linux-efi@...r.kernel.org, gnomes@...rguk.ukuu.org.uk,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Linux PM <linux-pm@...r.kernel.org>,
        linux-security-module@...r.kernel.org, keyrings@...r.kernel.org,
        matthew.garrett@...ula.com
Subject: Re: [PATCH 11/24] uswsusp: Disable when the kernel is locked down

On Sat, Apr 08, 2017 at 05:28:15AM +0200, poma wrote:
> On 06.04.2017 22:25, Jiri Kosina wrote:
> > On Thu, 6 Apr 2017, Rafael J. Wysocki wrote:
> > 
> >>>>> Your swap partition may be located on an NVDIMM or be encrypted.
> >>>>
> >>>> An NVDIMM should be considered the same as any other persistent storage.
> >>>>
> >>>> It may be encrypted, but where's the key stored, how easy is it to retrieve
> >>>> and does the swapout code know this?
> >>>>
> >>>>> Isn't this a bit overly drastic?
> >>>>
> >>>> Perhaps, but if it's on disk and it's not encrypted, then maybe not.
> >>>
> >>> Right.
> >>>
> >>> Swap encryption is not mandatory and I'm not sure how the hibernate
> >>> code can verify whether or not it is in use.
> >>
> >> BTW, SUSE has patches adding secure boot support to the hibernate code
> >> and Jiri promised me to post them last year even. :-)
> > 
> > Oh, thanks for a friendly ping :) Adding Joey Lee to CC.
> > 
> 
> Rafael J., are you talking about HIBERNATE_VERIFICATION ?
> 
> Ref.
> https://github.com/joeyli/linux-s4sign/commits/s4sign-hmac-v2-v4.2-rc8
> https://lkml.org/lkml/2015/8/11/47
> https://bugzilla.redhat.com/show_bug.cgi?id=1330335
>

I am working on switch to HMAC-SHA512. 

On the other hand, some mechanisms keep signing/encryption key in memory.
e.g. dm-crypt or hibernation verification. Kees Cook suggested that we
should add kernel memory reads as a thread model of securelevel to
prevent leaking those keys by /dev/kmem, bpf, kdump or hibernation...
We still need time to implement it.

Thanks a lot!
Joey Lee

Powered by blists - more mailing lists