Re: [RFC V4 PATCH 00/15] Signature verification of hibernate snapshot

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sunday, September 15, 2013 08:56:46 AM Lee, Chun-Yi wrote:
> Hi experts,
> 
> This patchset is the implementation for signature verification of hibernate
> snapshot image. The origin idea is from Jiri Kosina: Let EFI bootloader
> generate key-pair in UEFI secure boot environment, then pass it to kernel
> for sign/verify S4 image.
> 
> Due to there have potential threat from the S4 image hacked, it may causes
> kernel lost the trust in UEFI secure boot. Hacker attack the S4 snapshot
> image in swap partition through whatever exploit from another trusted OS,
> and the exploit may don't need physical access machine.
> 
> So, this patchset give the ability to kernel for parsing RSA private key
> from EFI bootloader, then using the private key to generate the signature
> of S4 snapshot image. Kernel put the signature to snapshot header, and
> verify the signature when kernel try to recover snapshot image to memory.

I wonder what the status of this work is?  Is it considered ready for inclusion
or are you still going to work on it and resubmit?

Rafael

--
To unsubscribe from this list: send the line "unsubscribe linux-efi" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html




[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux