> This patch added verification for userspace memory integrity after
> S3 resume.

It does not work.

> Integrity verification for other memory (say kernel itself) has been done by tboot.

Not true. Kernel uses memory above 4G on x86-64. Including... say console writing functions.

You can patch holes, but without description 'what does this protect against' it is almost impossible to evaluate.

> +void tboot_do_suspend_lowlevel(void)
> +{
> + int ret = -1;
> +
> + if (!tboot_enabled()) {
> + do_suspend_lowlevel();
> + return;
> + }
> +
> + ret = tboot_pre_stack_switch();
> + if (!ret) {
> + tboot_switch_stack_call(tboot_do_suspend_lowlevel_call,
> + (u64)new_stack_ptr);

...and here you add requirements to suspend_lowlevel that were not there before. ("May not act on unchecksummed memory"), without documenting them.

NAK.

Pavel
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
_______________________________________________
linux-pm mailing list
linux-pm@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linux-foundation.org/mailman/listinfo/linux-pm
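Review bot: tboot_do_suspend_lowlevel() has no comment stating what the code reached through tboot_switch_stack_call(tboot_do_suspend_lowlevel_call, (u64)new_stack_ptr) is allowed to touch once the stack has been switched, so the new constraint on the suspend path exists only implicitly. A comment block above the function should name the memory ranges that are covered by the integrity check, the ranges that are not, and the threat the check is meant to address, so that later changes to the low-level suspend code can be reviewed against it. Two smaller points in the same hunk: the initializer in "int ret = -1;" is dead, since ret is assigned from tboot_pre_stack_switch() before its first use, and the quoted lines do not show what happens when tboot_pre_stack_switch() returns non-zero; that path should either fall back to do_suspend_lowlevel() explicitly or fail the suspend with a logged error, and the choice should be documented.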