| Message ID | 1437056730-15247-2-git-send-email-jlee@suse.com (mailing list archive) |
|---|---|
| State | RFC |
| Delegated to: | Rafael Wysocki |
| Headers | show |
On Thu 2015-07-16 22:25:15, Lee, Chun-Yi wrote: > Using HMAC-SHA1 to be the HMAC algorithm of signing hibernate > snapshot image. The digest size of HMAC-SHA1 is 160 bits (20 bytes), > this size will be also applied to the length of HMAC key. > > In addition, add HIBERNATE_VERIFICATION kernel config. > > Signed-off-by: Lee, Chun-Yi <jlee@suse.com> > --- > include/linux/suspend.h | 5 +++++ > kernel/power/Kconfig | 13 +++++++++++++ > kernel/power/power.h | 1 + > 3 files changed, 19 insertions(+) > > diff --git a/include/linux/suspend.h b/include/linux/suspend.h > index 5efe743..6cd2a48 100644 > --- a/include/linux/suspend.h > +++ b/include/linux/suspend.h > @@ -327,6 +327,11 @@ struct platform_hibernation_ops { > }; > > #ifdef CONFIG_HIBERNATION > + > +/* HMAC Algorithm of Hibernate Signature */ > +#define SWSUSP_HMAC "hmac(sha1)" > +#define SWSUSP_DIGEST_SIZE 20 I'd replace SWSUSP with HIBERNATION here, and pretty much everywhere.
On Tue, Jul 28, 2015 at 02:01:56PM +0200, Pavel Machek wrote: > On Thu 2015-07-16 22:25:15, Lee, Chun-Yi wrote: > > Using HMAC-SHA1 to be the HMAC algorithm of signing hibernate > > snapshot image. The digest size of HMAC-SHA1 is 160 bits (20 bytes), > > this size will be also applied to the length of HMAC key. > > > > In addition, add HIBERNATE_VERIFICATION kernel config. > > > > Signed-off-by: Lee, Chun-Yi <jlee@suse.com> > > --- > > include/linux/suspend.h | 5 +++++ > > kernel/power/Kconfig | 13 +++++++++++++ > > kernel/power/power.h | 1 + > > 3 files changed, 19 insertions(+) > > > > diff --git a/include/linux/suspend.h b/include/linux/suspend.h > > index 5efe743..6cd2a48 100644 > > --- a/include/linux/suspend.h > > +++ b/include/linux/suspend.h > > @@ -327,6 +327,11 @@ struct platform_hibernation_ops { > > }; > > > > #ifdef CONFIG_HIBERNATION > > + > > +/* HMAC Algorithm of Hibernate Signature */ > > +#define SWSUSP_HMAC "hmac(sha1)" > > +#define SWSUSP_DIGEST_SIZE 20 > > I'd replace SWSUSP with HIBERNATION here, and pretty much everywhere. > SWSUSP is shorter than HIBERNATION, and there have some codes in hibernate are also using swsusp. I still want to use it. Thanks a lot! Joey Lee -- To unsubscribe from this list: send the line "unsubscribe linux-pm" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On Fri 2015-07-31 18:08:12, joeyli wrote: > On Tue, Jul 28, 2015 at 02:01:56PM +0200, Pavel Machek wrote: > > On Thu 2015-07-16 22:25:15, Lee, Chun-Yi wrote: > > > Using HMAC-SHA1 to be the HMAC algorithm of signing hibernate > > > snapshot image. The digest size of HMAC-SHA1 is 160 bits (20 bytes), > > > this size will be also applied to the length of HMAC key. > > > > > > In addition, add HIBERNATE_VERIFICATION kernel config. > > > > > > Signed-off-by: Lee, Chun-Yi <jlee@suse.com> > > > --- > > > include/linux/suspend.h | 5 +++++ > > > kernel/power/Kconfig | 13 +++++++++++++ > > > kernel/power/power.h | 1 + > > > 3 files changed, 19 insertions(+) > > > > > > diff --git a/include/linux/suspend.h b/include/linux/suspend.h > > > index 5efe743..6cd2a48 100644 > > > --- a/include/linux/suspend.h > > > +++ b/include/linux/suspend.h > > > @@ -327,6 +327,11 @@ struct platform_hibernation_ops { > > > }; > > > > > > #ifdef CONFIG_HIBERNATION > > > + > > > +/* HMAC Algorithm of Hibernate Signature */ > > > +#define SWSUSP_HMAC "hmac(sha1)" > > > +#define SWSUSP_DIGEST_SIZE 20 > > > > I'd replace SWSUSP with HIBERNATION here, and pretty much everywhere. > > > > SWSUSP is shorter than HIBERNATION, and there have some codes in hibernate > are also using swsusp. I still want to use it. Yes, its shorter, but its old name we are trying to move away from. Please do the same. Pavel
On Fri, Jul 31, 2015 at 02:49:36PM +0200, Pavel Machek wrote: > On Fri 2015-07-31 18:08:12, joeyli wrote: > > On Tue, Jul 28, 2015 at 02:01:56PM +0200, Pavel Machek wrote: > > > On Thu 2015-07-16 22:25:15, Lee, Chun-Yi wrote: > > > > Using HMAC-SHA1 to be the HMAC algorithm of signing hibernate > > > > snapshot image. The digest size of HMAC-SHA1 is 160 bits (20 bytes), > > > > this size will be also applied to the length of HMAC key. > > > > > > > > In addition, add HIBERNATE_VERIFICATION kernel config. > > > > > > > > Signed-off-by: Lee, Chun-Yi <jlee@suse.com> > > > > --- > > > > include/linux/suspend.h | 5 +++++ > > > > kernel/power/Kconfig | 13 +++++++++++++ > > > > kernel/power/power.h | 1 + > > > > 3 files changed, 19 insertions(+) > > > > > > > > diff --git a/include/linux/suspend.h b/include/linux/suspend.h > > > > index 5efe743..6cd2a48 100644 > > > > --- a/include/linux/suspend.h > > > > +++ b/include/linux/suspend.h > > > > @@ -327,6 +327,11 @@ struct platform_hibernation_ops { > > > > }; > > > > > > > > #ifdef CONFIG_HIBERNATION > > > > + > > > > +/* HMAC Algorithm of Hibernate Signature */ > > > > +#define SWSUSP_HMAC "hmac(sha1)" > > > > +#define SWSUSP_DIGEST_SIZE 20 > > > > > > I'd replace SWSUSP with HIBERNATION here, and pretty much everywhere. > > > > > > > SWSUSP is shorter than HIBERNATION, and there have some codes in hibernate > > are also using swsusp. I still want to use it. > > Yes, its shorter, but its old name we are trying to move away > from. Please do the same. > Pavel OK~ I will rename. Thanks Joey Lee -- To unsubscribe from this list: send the line "unsubscribe linux-pm" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/include/linux/suspend.h b/include/linux/suspend.h index 5efe743..6cd2a48 100644 --- a/include/linux/suspend.h +++ b/include/linux/suspend.h @@ -327,6 +327,11 @@ struct platform_hibernation_ops { }; #ifdef CONFIG_HIBERNATION + +/* HMAC Algorithm of Hibernate Signature */ +#define SWSUSP_HMAC "hmac(sha1)" +#define SWSUSP_DIGEST_SIZE 20 + /* kernel/power/snapshot.c */ extern void __register_nosave_region(unsigned long b, unsigned long e, int km); static inline void __init register_nosave_region(unsigned long b, unsigned long e) diff --git a/kernel/power/Kconfig b/kernel/power/Kconfig index 9e30231..8608b3b 100644 --- a/kernel/power/Kconfig +++ b/kernel/power/Kconfig @@ -66,6 +66,19 @@ config HIBERNATION For more information take a look at <file:Documentation/power/swsusp.txt>. +config HIBERNATE_VERIFICATION + bool "Hibernate verification" + depends on HIBERNATION + depends on EFI_STUB + depends on X86 + select CRYPTO_HMAC + select CRYPTO_SHA1 + help + This option provides support for generating and verifying the + signature of memory snapshot image by HMAC-SHA1. Current mechanism + relies on UEFI secure boot environment, EFI stub generates HMAC + key for hibernate verification. + config ARCH_SAVE_PAGE_KEYS bool diff --git a/kernel/power/power.h b/kernel/power/power.h index caadb56..f65fcf7 100644 --- a/kernel/power/power.h +++ b/kernel/power/power.h @@ -12,6 +12,7 @@ struct swsusp_info { unsigned long image_pages; unsigned long pages; unsigned long size; + u8 signature[SWSUSP_DIGEST_SIZE]; } __aligned(PAGE_SIZE); #ifdef CONFIG_HIBERNATION
Using HMAC-SHA1 to be the HMAC algorithm of signing hibernate snapshot image. The digest size of HMAC-SHA1 is 160 bits (20 bytes), this size will be also applied to the length of HMAC key. In addition, add HIBERNATE_VERIFICATION kernel config. Signed-off-by: Lee, Chun-Yi <jlee@suse.com> --- include/linux/suspend.h | 5 +++++ kernel/power/Kconfig | 13 +++++++++++++ kernel/power/power.h | 1 + 3 files changed, 19 insertions(+)