On Tue 2018-07-24 13:49:41, Oliver Neukum wrote: > On Mo, 2018-07-23 at 14:22 +0200, Pavel Machek wrote: > > > > Yes. But you are objecting to encryption in kernel space at all, > > > aren't you? > > > > I don't particulary love the idea of doing hibernation encryption in > > the kernel, correct. > > > > But we have this weird thing called secure boot, some people seem to > > want. So we may need some crypto in the kernel -- but I'd like > > something that works with uswsusp, too. Plus, it is mandatory that > > patch explains what security guarantees they want to provide against > > what kinds of attacks... > > Hi, > > very well, maybe we should state clearly that the goal of these > patch set is to make Secure Boot and STD coexist. Anything else > is a nice side effect, but not the primary justification, right? > > And we further agree that the model of Secure Boot requires the > encryption to be done in kernel space, don't we? > Furthermore IMHO the key must also be generated in trusted code, > hence in kernel space. Yu Chen, I really cannot see how > a symmetrical encryption with a known key can be secure. Nicely said. Yes, this is the message I was trying to get across. Pavel -- (english) http://www.livejournal.com/~pavelmachek (cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
Attachment:
signature.asc
Description: Digital signature
