On Wed, 25 Sep 2013, James Bottomley wrote: > > I don't get this. Why is it important that current kernel can't > > recreate the signature? > > The thread model is an attack on the saved information (i.e. the suspend > image) between it being saved by the old kernel and used by the new one. > The important point isn't that the new kernel doesn't have access to > K_{N-1} it's that no-one does: the key is destroyed as soon as the old > kernel terminates however the verification public part P_{N-1} survives. James, could you please describe the exact scenario you think that the symmetric keys aproach doesn't protect against, while the assymetric key aproach does? The crucial points, which I believe make the symmetric key aproach work (and I feel quite embarassed by the fact that I haven't realized this initially when coming up with the assymetric keys aproach) are: - the kernel that is performing the actual resumption is trusted in the secure boot model, i.e. you trust it to perform proper verification - potentially malicious userspace (which is what we are protecting against -- malicious root creating fake hibernation image and issuing reboot) doesn't have access to the symmetric key -- Jiri Kosina SUSE Labs -- To unsubscribe from this list: send the line "unsubscribe linux-efi" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html