On Tue, Sep 20, 2022 at 10:46:48AM +0200, Pavel Machek wrote:
> Hi!
>
> > We are exploring enabling hibernation in some new scenarios. However,
> > our security team has a few requirements, listed below:
> > 1. The hibernate image must be encrypted with protection derived from
> > both the platform (eg TPM) and user authentication data (eg
> > password).
> > 2. Hibernation must not be a vector by which a malicious userspace can
> > escalate to the kernel.
>
> Why is #2 a reasonable requirement?

These days with kernel lockdown we don't allow userspace to enter the kernel.

> We normally allow userspace with appropriate permissions to update the
> kernel, for example.

And in a lockdown secure boot environment only a signed kernel can be booted in the first place.

A series like this is effectively carrying the secure boot trust across the hibernation.

Jason