於 日,2013-08-25 於 18:42 +0200,Pavel Machek 提到:
> On Thu 2013-08-22 19:01:54, Lee, Chun-Yi wrote:
> > In current solution, the snapshot signature check used the RSA key-pair
> > that are generated by bootloader(e.g. shim) and pass the key-pair to
> > kernel through EFI variables. I choice to binding the snapshot
> > signature check mechanism with UEFI secure boot for provide stronger
> > protection of hibernate. Current behavior is following:
> >
> > + UEFI Secure Boot ON, Kernel found key-pair from shim:
> > Will do the S4 signature check.
> >
> > + UEFI Secure Boot ON, Kernel didn't find key-pair from shim:
> > Will lock down S4 function.
> >
> > + UEFI Secure Boot OFF
> > Will NOT do the S4 signature check.
> > Ignore any keys from bootloader.
> >
> > v2:
> > Replace sign_key_data_loaded() by skey_data_available() to check sign key data
> > is available for hibernate.
> >
> > Reviewed-by: Jiri Kosina <jkosina@xxxxxxx>
> > Signed-off-by: Lee, Chun-Yi <jlee@xxxxxxxx>
> > ---
> > kernel/power/hibernate.c | 36 +++++++++++++++++-
> > kernel/power/main.c | 11 +++++-
> > kernel/power/snapshot.c | 95 ++++++++++++++++++++++++++--------------------
> > kernel/power/swap.c | 4 +-
> > kernel/power/user.c | 11 +++++
> > 5 files changed, 112 insertions(+), 45 deletions(-)
> >
> > diff --git a/kernel/power/hibernate.c b/kernel/power/hibernate.c
> > index c545b15..0f19f3d 100644
> > --- a/kernel/power/hibernate.c
> > +++ b/kernel/power/hibernate.c
> > @@ -29,6 +29,7 @@
> > #include <linux/ctype.h>
> > #include <linux/genhd.h>
> > #include <linux/key.h>
> > +#include <linux/efi.h>
> >
> > #include "power.h"
> >
> > @@ -632,7 +633,14 @@ static void power_down(void)
> > int hibernate(void)
> > {
> > int error;
> > - int skey_error;
> > +
> > +#ifdef CONFIG_SNAPSHOT_VERIFICATION
> > + if (!capable(CAP_COMPROMISE_KERNEL) && !skey_data_available()) {
> > +#else
> > + if (!capable(CAP_COMPROMISE_KERNEL)) {
> > +#endif
> > + return -EPERM;
> > + }
> >
> > lock_system_sleep();
> > /* The snapshot device should not be opened while we're running */
> > @@ -799,6 +807,15 @@ static int software_resume(void)
> > if (error)
> > goto Unlock;
> >
> > +#ifdef CONFIG_SNAPSHOT_VERIFICATION
> > + if (!capable(CAP_COMPROMISE_KERNEL) && !wkey_data_available()) {
> > +#else
> > + if (!capable(CAP_COMPROMISE_KERNEL)) {
> > +#endif
> > + mutex_unlock(&pm_mutex);
> > + return -EPERM;
> > + }
> > +
> > /* The snapshot device should not be opened while we're running */
> > if (!atomic_add_unless(&snapshot_device_available, -1, 0)) {
> > error = -EBUSY;
> > @@ -892,6 +909,15 @@ static ssize_t disk_show(struct kobject *kobj, struct kobj_attribute *attr,
> > int i;
> > char *start = buf;
> >
> > +#ifdef CONFIG_SNAPSHOT_VERIFICATION
> > + if (efi_enabled(EFI_SECURE_BOOT) && !skey_data_available()) {
> > +#else
> > + if (efi_enabled(EFI_SECURE_BOOT)) {
> > +#endif
> > + buf += sprintf(buf, "[%s]\n", "disabled");
> > + return buf-start;
> > + }
> > +
> > for (i = HIBERNATION_FIRST; i <= HIBERNATION_MAX; i++) {
> > if (!hibernation_modes[i])
> > continue;
> > @@ -926,6 +952,14 @@ static ssize_t disk_store(struct kobject *kobj, struct kobj_attribute *attr,
> > char *p;
> > int mode = HIBERNATION_INVALID;
> >
> > +#ifdef CONFIG_SNAPSHOT_VERIFICATION
> > + if (!capable(CAP_COMPROMISE_KERNEL) && !skey_data_available()) {
> > +#else
> > + if (!capable(CAP_COMPROMISE_KERNEL)) {
> > +#endif
> > + return -EPERM;
> > + }
> > +
> > p = memchr(buf, '\n', n);
> > len = p ? p - buf : n;
> >
>
> You clearly need some helper function.
> Pavel
>
I will use a help function to replace those ifdef block.
Thanks for your suggestion!
Joey Lee
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
