lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAHC9VhR6mr0XRrq=Apy00HD3tdgpKi4RyMr8f5kdx2sjA0sfig@mail.gmail.com>
Date:   Mon, 20 Nov 2023 16:12:31 -0500
From:   Paul Moore <paul@...l-moore.com>
To:     Randy Dunlap <rdunlap@...radead.org>
Cc:     Kelvie Wong <kelvie@...vie.ca>, linux-doc@...r.kernel.org,
        linux-kernel@...r.kernel.org, linux-pm@...r.kernel.org,
        linux-security-module <linux-security-module@...r.kernel.org>,
        David Howells <dhowells@...hat.com>
Subject: Re: [PATCH RFC] Add a lockdown_hibernate parameter

On Mon, Nov 13, 2023 at 11:01 PM Randy Dunlap <rdunlap@...radead.org> wrote:
>
> [add security & dhowells]
>
> On 11/13/23 18:23, Kelvie Wong wrote:
> > This allows the user to tell the kernel that they know better (namely,
> > they secured their swap properly), and that it can enable hibernation.
> >
> > I've been using this for about a year now, as it doesn't seem like
> > proper secure hibernation was going to be implemented back then, and
> > it's now been a year since I've been building my own kernels with this
> > patch, so getting this upstreamed would save some CO2 from me building
> > my own kernels every upgrade.
> >
> > Some other not-me users have also tested the patch:
> >
> > https://community.frame.work/t/guide-fedora-36-hibernation-with-enabled-secure-boot-and-full-disk-encryption-fde-decrypting-over-tpm2/25474/17
> >
> > Signed-off-by: Kelvie Wong <kelvie@...vie.ca>
> > ---
> >  Documentation/admin-guide/kernel-parameters.txt |  5 +++++
> >  kernel/power/hibernate.c                        | 10 +++++++++-
> >  2 files changed, 14 insertions(+), 1 deletion(-)
> >
> > diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
> > index 426fa892d311..54785faba9e0 100644
> > --- a/Documentation/admin-guide/kernel-parameters.txt
> > +++ b/Documentation/admin-guide/kernel-parameters.txt
> > @@ -2804,6 +2804,11 @@
> >                       to extract confidential information from the kernel
> >                       are also disabled.
> >
> > +     lockdown_hibernate      [HIBERNATION]
> > +                     Enable hibernation even if lockdown is enabled. Enable this only if
> > +                     your swap is encrypted and secured properly, as an attacker can
> > +                     modify the kernel offline during hibernation.
> > +
> >       locktorture.nreaders_stress= [KNL]
> >                       Set the number of locking read-acquisition kthreads.
> >                       Defaults to being automatically set based on the
> > diff --git a/kernel/power/hibernate.c b/kernel/power/hibernate.c
> > index 89c71fce225d..2221c531d54c 100644
> > --- a/kernel/power/hibernate.c
> > +++ b/kernel/power/hibernate.c
> > @@ -36,6 +36,7 @@
> >  #include "power.h"
> >
> >
> > +static int lockdown_hibernate;
> >  static int nocompress;
> >  static int noresume;
> >  static int nohibernate;
> > @@ -82,7 +83,7 @@ void hibernate_release(void)
> >  bool hibernation_available(void)
> >  {
> >       return nohibernate == 0 &&
> > -             !security_locked_down(LOCKDOWN_HIBERNATION) &&
> > +             (lockdown_hibernate || !security_locked_down(LOCKDOWN_HIBERNATION)) &&
> >               !secretmem_active() && !cxl_mem_active();
> >  }

I would feel a lot better about this if there was a way to verify that
the swap was protected as opposed to leaving that as a note in a doc
that the majority of users will never see, read, or understand.

-- 
paul-moore.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ