[PATCH 11/24] uswsusp: Disable when the kernel is locked down

poma pomidorabelisima at gmail.com
Sat Apr 8 03:28:15 UTC 2017


On 06.04.2017 22:25, Jiri Kosina wrote:
> On Thu, 6 Apr 2017, Rafael J. Wysocki wrote:
> 
>>>>> Your swap partition may be located on an NVDIMM or be encrypted.
>>>>
>>>> An NVDIMM should be considered the same as any other persistent storage.
>>>>
>>>> It may be encrypted, but where's the key stored, how easy is it to retrieve
>>>> and does the swapout code know this?
>>>>
>>>>> Isn't this a bit overly drastic?
>>>>
>>>> Perhaps, but if it's on disk and it's not encrypted, then maybe not.
>>>
>>> Right.
>>>
>>> Swap encryption is not mandatory and I'm not sure how the hibernate
>>> code can verify whether or not it is in use.
>>
>> BTW, SUSE has patches adding secure boot support to the hibernate code
>> and Jiri promised me to post them last year even. :-)
> 
> Oh, thanks for a friendly ping :) Adding Joey Lee to CC.
> 

Rafael J., are you talking about HIBERNATE_VERIFICATION ?

Ref.
https://github.com/joeyli/linux-s4sign/commits/s4sign-hmac-v2-v4.2-rc8
https://lkml.org/lkml/2015/8/11/47
https://bugzilla.redhat.com/show_bug.cgi?id=1330335

--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html



More information about the Linux-security-module-archive mailing list