On Sunday, September 15, 2013 08:56:46 AM Lee, Chun-Yi wrote: > Hi experts, > > This patchset is the implementation for signature verification of hibernate > snapshot image. The origin idea is from Jiri Kosina: Let EFI bootloader > generate key-pair in UEFI secure boot environment, then pass it to kernel > for sign/verify S4 image. > > Due to there have potential threat from the S4 image hacked, it may causes > kernel lost the trust in UEFI secure boot. Hacker attack the S4 snapshot > image in swap partition through whatever exploit from another trusted OS, > and the exploit may don't need physical access machine. > > So, this patchset give the ability to kernel for parsing RSA private key > from EFI bootloader, then using the private key to generate the signature > of S4 snapshot image. Kernel put the signature to snapshot header, and > verify the signature when kernel try to recover snapshot image to memory. I wonder what the status of this work is? Is it considered ready for inclusion or are you still going to work on it and resubmit? Rafael -- To unsubscribe from this list: send the line "unsubscribe linux-efi" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
