lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAHC9VhQeQcEKFKWi2pvGE-DhkaccqBn9Yf_+r7JbZ2UPN+z3-g@mail.gmail.com>
Date:   Tue, 21 Nov 2023 23:21:26 -0500
From:   Paul Moore <paul@...l-moore.com>
To:     Kelvie Wong <kelvie@...vie.ca>
Cc:     Randy Dunlap <rdunlap@...radead.org>, linux-doc@...r.kernel.org,
        linux-kernel@...r.kernel.org, linux-pm@...r.kernel.org,
        linux-security-module <linux-security-module@...r.kernel.org>,
        David Howells <dhowells@...hat.com>
Subject: Re: [PATCH RFC] Add a lockdown_hibernate parameter

On Mon, Nov 20, 2023 at 10:07 PM Kelvie Wong <kelvie@...vie.ca> wrote:
> On Mon, 20 Nov 2023 at 13:12, Paul Moore <paul@...l-moore.com> wrote:
> > On Mon, Nov 13, 2023 at 11:01 PM Randy Dunlap <rdunlap@...radead.org> wrote:
> > >
> > > [add security & dhowells]
> > >
> > > On 11/13/23 18:23, Kelvie Wong wrote:
> > > > This allows the user to tell the kernel that they know better (namely,
> > > > they secured their swap properly), and that it can enable hibernation.
> > > >
> > > > I've been using this for about a year now, as it doesn't seem like
> > > > proper secure hibernation was going to be implemented back then, and
> > > > it's now been a year since I've been building my own kernels with this
> > > > patch, so getting this upstreamed would save some CO2 from me building
> > > > my own kernels every upgrade.
> > > >
> > > > Some other not-me users have also tested the patch:
> > > >
> > > > https://community.frame.work/t/guide-fedora-36-hibernation-with-enabled-secure-boot-and-full-disk-encryption-fde-decrypting-over-tpm2/25474/17
> > > >
> > > > Signed-off-by: Kelvie Wong <kelvie@...vie.ca>
> >
> > I would feel a lot better about this if there was a way to verify that
> > the swap was protected as opposed to leaving that as a note in a doc
> > that the majority of users will never see, read, or understand.
>
> I'd argue that this wouldn't even be necessary if we detect the swap was
> protected -- hibernation should just be enabled in that case without setting
> any parameters.
>
> My understanding is that it was disabled waiting for this
> functionality, and it's been
> at least a couple of years now [1], so it looks like it's not such an
> easy problem.

I've got to warn you that I have an allergic reaction to arguments
that start with "the right solution is really hard, so let's pick the
easier, worse solution." ;)

> Anyway, my argument is that the majority of users will never use this kernel
> parameter anyway, so I think it's a fair assumption that the power users that
> *do* use this will educate themselves on why this parameter even exists.

I guess I'm still not sold on this idea, I'm sorry.

-- 
paul-moore.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ