On Tue, Mar 19, 2013 at 06:23:31PM +0000, James Bottomley wrote: > The scheme we discussed, unless something radically changed, was to > convey a temporary key pair via a mechanism to later verify the > hybernate kernel on a resume. That only requires reboot safe knowledge > of the public key. The private key can be conveyed in BS only (not NV), > and should be consumed (as in deleted) by the OS when it receives it, so > it wouldn't be exposed by this patch.
It requires the key to survive the system being entirely powered down, which means it needs to be BS+NV. It shouldn't be possible for userspace to access this key. -- Matthew Garrett | [email protected] -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
