On Do, 2018-08-09 at 11:01 +0800, Yu Chen wrote:
Hi,
> User requirement:
> A is the user, B is the attacker, user A launches a STD and
> encrypts A's ram data, then writes these encrypted data onto
> the disk, so that: Even if user B has access to the disk,
> B could not know the content of A. W
On Di, 2018-08-07 at 15:38 +0800, Yu Chen wrote:
> > As STD affects the whole machine it must require root rights.
> > So I cannot see how you can talk about a session belonging
> > to a user. Please explain.
> >
>
> The case is for physical access, not the 'user' in OS.
Well, yes, but Secure Bo
On Mo, 2018-08-06 at 15:57 +0800, Yu Chen wrote:
> Hi Oliver,
> On Thu, Jul 26, 2018 at 09:30:46AM +0200, Oliver Neukum wrote:
> > On Di, 2018-07-24 at 00:23 +0800, Yu Chen wrote:
> > >
> > > Good point, we once tried to generate key in kernel, but people
>
On Di, 2018-07-24 at 00:23 +0800, Yu Chen wrote:
>
> Good point, we once tried to generate key in kernel, but people
> suggest to generate key in userspace and provide it to the
> kernel, which is what ecryptfs does currently, so it seems this
> should also be safe for encryption in kernel.
> https:
On Di, 2018-07-24 at 15:03 +0200, Pavel Machek wrote:
> On Tue 2018-07-24 14:47:54, Oliver Neukum wrote:
> > On Di, 2018-07-24 at 14:01 +0200, Pavel Machek wrote:
Hi,
> > > Safe against what kind of attack? Please describe what kind of
> > > security you are trying to
On Di, 2018-07-24 at 14:01 +0200, Pavel Machek wrote:
> Hi!
>
> > > > >"There have some functions be locked-down because
> > > > >there have no appropriate mechanisms to check the
> > > > >integrity of writing data."
> > > > >https://patchwork.kernel.org/patch/10476
On Mo, 2018-07-23 at 14:22 +0200, Pavel Machek wrote:
> > Yes. But you are objecting to encryption in kernel space at all,
> > aren't you?
>
> I don't particularly love the idea of doing hibernation encryption in
> the kernel, correct.
>
> But we have this weird thing called secure boot, some peo
On Di, 2018-07-24 at 00:23 +0800, Yu Chen wrote:
> Hi,
> On Mon, Jul 23, 2018 at 01:42:36PM +0200, Oliver Neukum wrote:
> > On Fr, 2018-07-20 at 12:25 +0200, Pavel Machek wrote:
> > > So your goal is to make hibernation compatible with kernel
> > > lockdown? Do y
On Fr, 2018-07-20 at 12:25 +0200, Pavel Machek wrote:
> Hi!
Hello,
> > Let me paste the log here:
> >
> > 1. (This is not to compare with uswsusp but other
> > tools) One advantage is: Users do not have to
> > encrypt the whole swap partition as other tools.
>
> Well.. encrypting the pa