On Wed, 2013-08-28 at 18:37 -0400, Lenny Szubowicz wrote:
> Did you purposely exclude similar checks for hibernate that were covered
> by earlier versions of your patch set?
Yes, I think it's worth tying it in with the encrypted hibernation
support. The local attack is significantly harder in the hibernation
case - in the face of unknown hardware it basically involves a
pre-generated memory image corresponding to your system or the ability
to force a reboot into an untrusted environment. I think it's probably
more workable to just add a configuration option for forcing encrypted
hibernation when secure boot is in use.
--
Matthew Garrett <matthew.garrett@xxxxxxxxxx>
��.n��������+%�������w��{.n�����{����*�jg���������ݢj�����G��������j:+v���w�m������w�������h�����٥
