Re: Supporting hibernation in Workstation ed., draft 1

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Jun 2, 2020 at 8:33 PM John M. Harris Jr <johnmh@xxxxxxxxxxxxx> wrote:
>
> On Sunday, May 31, 2020 11:45:40 AM MST Chris Murphy wrote:
> > On Sat, May 30, 2020 at 9:26 PM Tony Nelson
> > <tonynelson@xxxxxxxxxxxxxxxxx> wrote:
> >
> > >
> > >
> > > On 20-05-30 21:02:11, Chris Murphy wrote:
> > >
> > >   ...
> > >
> > > > Full disk encryption doesn't adequately secure the hibernation image
> > > > either. Authenticated encryption (signing as well as encryption) is
> > > > needed to verify the image hasn't been tampered.
> > >
> > >
> > >
> > > What can an attacker do other than corrupt the data?  It is encrypted.
> >
> >
> > You don't know, and neither do I. That's the problem.
>
> We do know. Nothing, really.

You do not know the attacker, when possession was lost, what the
attacker knows, or how long they have access to ciphertext. And that's
because the attack hasn't happened yet. Yet you assert omniscience.
Gotcha.


> A good option until then is to just take unsigned hibernation images and work
> like literally every other system. There's no reason to take away this
> functionality.

Why do you think it's good to tell users we support UEFI Secure Boot,
but then provide attackers a loop hole to get around it?




-- 
Chris Murphy
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux