Thread (66 messages) 66 messages, 5 authors, 2013-09-05

Re: [PATCH 11/18] Hibernate: introduced RSA key-pair to verify signature of snapshot

From: joeyli <jlee@suse.com>
Date: 2013-08-27 09:04:43
Also in: linux-efi, linux-pm

Hi Pavel, 

於 日,2013-08-25 於 18:25 +0200,Pavel Machek 提到:
On Thu 2013-08-22 19:01:50, Lee, Chun-Yi wrote:
quoted
Introduced a hibernate_key.c file to query the key pair from EFI variables
and maintain key pair for check signature of S4 snapshot image. We
loaded the private key when snapshot image stored success.

This patch introduced 2 EFI variables for store the key to sign S4 image and
verify signature when S4 wake up. The names and GUID are:
  S4SignKey-fe141863-c070-478e-b8a3-878a5dc9ef21
  S4WakeKey-fe141863-c070-478e-b8a3-878a5dc9ef21

S4SignKey is used by EFI bootloader to pass the RSA private key that packaged
by PKCS#8 format, kernel will read and parser it when system boot and reload
it when S4 resume. EFI bootloader need gnerate a new private key when every
time system boot.

S4WakeKey is used to pass the RSA public key that packaged by X.509
certificate, kernel will read and parser it for check the signature of
S4 snapshot image when S4 resume.

The follow-up patch will remove S4SignKey and S4WakeKey after load them
to kernel for avoid anyone can access it through efivarfs.

v3:
- Load S4 sign key before ExitBootServices.
  Load private key before ExitBootServices() then bootloader doesn't need
  generate key-pair for each booting:
   + Add setup_s4_keys() to eboot.c to load S4 sign key before ExitBootServices.
   + Reserve the memory block of sign key data blob in efi.c
- In Makefile, moved hibernate_keys.o before hibernate.o for load S4 sign
  key before check hibernate image. It makes sure the new sign key will be
  transfer to resume target kernel.
- Set "depends on EFI_STUB" in Kconfig

v2:
Add CONFIG_SNAPSHOT_VERIFICATION for build of hibernate_keys.c depend on
Kconfig.

Cc: Matthew Garrett <mjg59@srcf.ucam.org>
Cc: Takashi Iwai <redacted>
Reviewed-by: Jiri Kosina <redacted>
Signed-off-by: Lee, Chun-Yi <jlee@suse.com>
quoted
--- a/arch/x86/boot/compressed/eboot.c
+++ b/arch/x86/boot/compressed/eboot.c
@@ -368,6 +368,91 @@ free_handle:
 	return status;
 }
 
+#ifdef CONFIG_SNAPSHOT_VERIFICATION
+static efi_status_t setup_s4_keys(struct boot_params *params)
+{
+	struct setup_data *data;
+	unsigned long datasize;
+	u32 attr;
+	struct efi_s4_key *s4key;
+	efi_status_t status;
+
+	data = (struct setup_data *)(unsigned long)params->hdr.setup_data;
A bit too many casts.
Thanks.
Yes, here is my mistake, I will remove "unsigned long" cast.
quoted
@@ -1205,6 +1290,10 @@ struct boot_params *efi_main(void *handle, efi_system_table_t *_table,
 
 	setup_efi_pci(boot_params);
 
+#ifdef CONFIG_SNAPSHOT_VERIFICATION
+	setup_s4_keys(boot_params);
+#endif
+
Move ifdef inside the function?
OK, I will define a dummy function for non-verification situation.
quoted
@@ -729,6 +792,11 @@ void __init efi_init(void)
 
 	set_bit(EFI_SYSTEM_TABLES, &x86_efi_facility);
 
+#ifdef CONFIG_SNAPSHOT_VERIFICATION
+	/* keep s4 key from setup_data */
+	efi_reserve_s4_skey_data();
+#endif
+
Here too.
I will also use dummy function here. 


Thanks
Joey Lee

--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help