Hi! > > User space doesn't need to involve. The EFI root key is generated by > > EFI boot stub and be transfer to kernel. It's stored in EFI boot service > > variable that it can only be accessed by trusted EFI binary when > > secure boot is enabled. > > > Okay, this apply to the 'suspend' phase, right? > I'm still a little confused about the 'resume' phase. > Taking encryption as example(not signature), > the purpose of doing hibernation encryption is to prevent other users > from stealing ram content. Say, user A uses a passphrase to generate the No, I don't think that's purpose here. Purpose here is to prevent user from reading/modifying kernel memory content on machine he owns. Strange as it may sound, that is what "secure" boot requires (and what Disney wants). I guess it may have some non-evil uses, too... https://www.linux.com/news/matthew-garrett-explains-how-increase-security-boot-time Pavel -- (english) http://www.livejournal.com/~pavelmachek (cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
Attachment:
signature.asc
Description: Digital signature