2018年5月14日 星期一

Hibernation encryption and authentication in Linux kernel

I resumed the development for hibernation encryption and authentication in Linux kernel:

https://github.com/joeyli/linux-s4sign/wiki

This is the home page for developing hibernation encryption and authentication in Linux kernel:
TODO:
  • Hibernation snapshot encryption:
  • Adapt to key retention service: Using the KMK (Kernel Master Key) in keyring to create encrypted key for encryption and authentication.
    • Kernel: Using KMK and Encrypted-key in kernel, put the encrypted key to snapshot header [WIP]
  • Support different KMK types:
    • Trusted Key and User Key: Modify systemd and dracut, enroll KMK to kernel before S4 resume.
    • EFI KMK: Using EFI boot variable to keep/reload 64 bytes KMK
      • Rescue mechanism: EFI KMK may lost when firmware update or firmware recovery.

Currently, the challenges are from EFI key and systemd/dracut. Both of them are important for the secret key source of hibernation encryption/authentication.

沒有留言:

張貼留言