On Fri 2018-06-22 10:14:10, Yu Chen wrote:
> Hi,
> On Thu, Jun 21, 2018 at 09:14:43PM +0200, Pavel Machek wrote:
> > On Thu 2018-06-21 14:08:40, Rafael J. Wysocki wrote:
> > > On Thu, Jun 21, 2018 at 10:53 AM, Pavel Machek <pa...@ucw.cz> wrote:
> > > > Hi!
> > > >
> > > >> As security becomes more and more important, we add the in-kernel
> > > >> encryption support for hibernation.
> > > > ...
> > > >> There was a discussion on the mailing list on whether this key should
> > > >> be derived in kernel or in user space. And it turns out to be generating
> > > >> the key by user space is more acceptable[1]. So this patch set is divided
> > > >> into two parts:
> > > >> 1. The hibernation snapshot encryption in kernel space,
> > > >> 2. the key derivation implementation in user space.
> > > >
> > > > uswsusp was created so that this kind of stuff could be kept in
> > > > userspace. You get graphical progress bar (etc) too. As you already
> > > > have userspace component for key derivation, I see no advantages to
> > > > uswsusp.
> > > >
> > > > If you have some, please explain.
> > >
> > > Not having to transfer plain text kernel memory to user space is one
> > > IMO.
> >
> > Well, AFAICT in this case userland has the key and encrypted data are
> > on disk. That does not seem to be improvement.
> >
> uswsusp needs to read the snapshot from kernel first, while
> doing encryption in kernel directly would reduce the IO. Besides,
> the kernel memory content is protected from being read from
> user space from first place, although finally they are
> encrypted on the disk.

If you believe your solution is faster, please benchmark it. I don't believe it will be.

Pavel
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html