[PATCH 11/24] uswsusp: Disable when the kernel is locked down

Rafael J. Wysocki rafael at kernel.org
Thu Apr 6 20:12:38 UTC 2017


On Thu, Apr 6, 2017 at 10:09 PM, Rafael J. Wysocki <rafael at kernel.org> wrote:
> On Thu, Apr 6, 2017 at 10:41 AM, David Howells <dhowells at redhat.com> wrote:
>> Oliver Neukum <oneukum at suse.com> wrote:
>>
>>> Your swap partition may be located on an NVDIMM or be encrypted.
>>
>> An NVDIMM should be considered the same as any other persistent storage.
>>
>> It may be encrypted, but where's the key stored, how easy is it to retrieve
>> and does the swapout code know this?
>>
>>> Isn't this a bit overly drastic?
>>
>> Perhaps, but if it's on disk and it's not encrypted, then maybe not.
>
> Right.
>
> Swap encryption is not mandatory and I'm not sure how the hibernate
> code can verify whether or not it is in use.

BTW, SUSE has patches adding secure boot support to the hibernate code
and Jiri promised me to post them last year even. :-)

Thanks,
Rafael
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html



More information about the Linux-security-module-archive mailing list