On 06.04.2017 22:25, Jiri Kosina wrote: > On Thu, 6 Apr 2017, Rafael J. Wysocki wrote: > >>>>> Your swap partition may be located on an NVDIMM or be encrypted. >>>> >>>> An NVDIMM should be considered the same as any other persistent storage. >>>> >>>> It may be encrypted, but where's the key stored, how easy is it to retrieve >>>> and does the swapout code know this? >>>> >>>>> Isn't this a bit overly drastic? >>>> >>>> Perhaps, but if it's on disk and it's not encrypted, then maybe not. >>> >>> Right. >>> >>> Swap encryption is not mandatory and I'm not sure how the hibernate >>> code can verify whether or not it is in use. >> >> BTW, SUSE has patches adding secure boot support to the hibernate code >> and Jiri promised me to post them last year even. :-) > > Oh, thanks for a friendly ping :) Adding Joey Lee to CC. > Rafael J., are you talking about HIBERNATE_VERIFICATION ? Ref. https://github.com/joeyli/linux-s4sign/commits/s4sign-hmac-v2-v4.2-rc8 https://lkml.org/lkml/2015/8/11/47 https://bugzilla.redhat.com/show_bug.cgi?id=1330335 -- To unsubscribe from this list: send the line "unsubscribe linux-efi" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
