Re: [PATCH 0/4][RFC v2] Introduce the in-kernel hibernation encryption

2018-08-08 Thread Yu Chen
Hi, On Wed, Aug 08, 2018 at 07:58:45PM +0200, Pavel Machek wrote: > On Mon 2018-08-06 18:39:58, joeyli wrote: > > On Mon, Aug 06, 2018 at 04:45:34PM +0800, Yu Chen wrote: > > > Hi Pavel, > > > On Sun, Aug 05, 2018 at 12:02:00PM +0200, Pavel Machek wrote: > > > &

Re: [PATCH 0/4][RFC v2] Introduce the in-kernel hibernation encryption

2018-08-08 Thread Yu Chen
Hi Pavel, Joey, Oliver Please let me describe the original requirement and my understanding about hibernation encryption here, thus help us sync on the same thread: On Wed, Aug 08, 2018 at 07:50:36PM +0200, Pavel Machek wrote: > Hi! > > > > > > User space doesn't need to involve. The EFI root key

Re: [PATCH 0/4][RFC v2] Introduce the in-kernel hibernation encryption

2018-08-07 Thread Yu Chen
On Mon, Aug 06, 2018 at 06:39:58PM +0800, joeyli wrote: > On Mon, Aug 06, 2018 at 04:45:34PM +0800, Yu Chen wrote: > > Hi Pavel, > > On Sun, Aug 05, 2018 at 12:02:00PM +0200, Pavel Machek wrote: > > > Hi! > > > > > > > > User space doesn

Re: [PATCH 0/4][RFC v2] Introduce the in-kernel hibernation encryption

2018-08-07 Thread Yu Chen
On Mon, Aug 06, 2018 at 12:20:20PM +0200, Oliver Neukum wrote: > On Mo, 2018-08-06 at 15:57 +0800, Yu Chen wrote: > > Hi Oliver, > > On Thu, Jul 26, 2018 at 09:30:46AM +0200, Oliver Neukum wrote: > > > On Di, 2018-07-24 at 00:23 +0800, Yu Chen wrote: > > > >

Re: [PATCH 0/4][RFC v2] Introduce the in-kernel hibernation encryption

2018-08-06 Thread Yu Chen
On Mon, Aug 06, 2018 at 05:48:04PM +0800, joeyli wrote: > On Mon, Aug 06, 2018 at 03:57:54PM +0800, Yu Chen wrote: > > Hi Oliver, > > On Thu, Jul 26, 2018 at 09:30:46AM +0200, Oliver Neukum wrote: > > > On Di, 2018-07-24 at 00:23 +0800, Yu Chen wrote: > > > >

Re: [PATCH 0/4][RFC v2] Introduce the in-kernel hibernation encryption

2018-08-06 Thread Yu Chen
Hi Pavel, On Sun, Aug 05, 2018 at 12:02:00PM +0200, Pavel Machek wrote: > Hi! > > > > User space doesn't need to involve. The EFI root key is generated by > > > EFI boot stub and be transfer to kernel. It's stored in EFI boot service > > > variable that it can only be accessed by trusted EFI binar

Re: [PATCH 0/4][RFC v2] Introduce the in-kernel hibernation encryption

2018-08-06 Thread Yu Chen
Hi Oliver, On Thu, Jul 26, 2018 at 09:30:46AM +0200, Oliver Neukum wrote: > On Di, 2018-07-24 at 00:23 +0800, Yu Chen wrote: > > > > Good point, we once tried to generate key in kernel, but people > > suggest to generate key in userspace and provide it to the > > kernel

Re: [PATCH 0/4][RFC v2] Introduce the in-kernel hibernation encryption

2018-08-02 Thread Yu Chen
Hi Joey, On Tue, Jul 31, 2018 at 01:04:15AM +0800, joeyli wrote: > Hi all, > > On Thu, Jul 26, 2018 at 04:14:04PM +0800, joeyli wrote: > > On Thu, Jul 26, 2018 at 09:30:46AM +0200, Oliver Neukum wrote: > > > On Di, 2018-07-24 at 00:23 +0800, Yu Chen wrote: > > &g

Re: [PATCH 0/4][RFC v2] Introduce the in-kernel hibernation encryption

2018-07-23 Thread Yu Chen
Hello, On Mon, Jul 23, 2018 at 02:22:27PM +0200, Pavel Machek wrote: > Hi! > > > > > 2. Ideally kernel memory should be encrypted by the > > > >kernel itself. We have uswsusp to support user > > > >space hibernation, however doing the encryption > > > >in kernel space has more advantag

Re: [PATCH 0/4][RFC v2] Introduce the in-kernel hibernation encryption

2018-07-23 Thread Yu Chen
Hi, On Mon, Jul 23, 2018 at 01:42:36PM +0200, Oliver Neukum wrote: > On Fr, 2018-07-20 at 12:25 +0200, Pavel Machek wrote: > > Hi! > > Hello, > > > > Let me paste the log here: > > > > > > 1. (This is not to compare with uswsusp but other > > > tools) One advantage is: Users do not have to >

Re: [PATCH 0/4][RFC v2] Introduce the in-kernel hibernation encryption

2018-07-19 Thread Yu Chen
On Thu, Jul 19, 2018 at 01:01:49PM +0200, Pavel Machek wrote: > On Thu 2018-07-19 07:58:51, Yu Chen wrote: > > Hi, > > On Wed, Jul 18, 2018 at 10:22:35PM +0200, Pavel Machek wrote: > > > On Thu 2018-07-19 00:38:06, Chen Yu wrote: > > > > As security becomes mo

Re: [PATCH 3/4][RFC v2] PM / Hibernate: Encrypt the snapshot pages before submitted to the block device

2018-07-18 Thread Yu Chen
Cc linux-ker...@vger.kernel.org and linux-crypto@vger.kernel.org On Thu, Jul 19, 2018 at 12:40:14AM +0800, Chen Yu wrote: > This is the core modification to encrypt the hibernation image. > It leverages the helper functions to encrypt the page data before > they are submitted to the block device.

Re: [PATCH 0/4][RFC v2] Introduce the in-kernel hibernation encryption

2018-07-18 Thread Yu Chen
Hi, On Wed, Jul 18, 2018 at 10:22:35PM +0200, Pavel Machek wrote: > On Thu 2018-07-19 00:38:06, Chen Yu wrote: > > As security becomes more and more important, we add the in-kernel > > encryption support for hibernation. > > Sorry, this does not really explain what security benefit it is > suppose

Re: PBKDF2 support in the linux kernel

2018-05-23 Thread Yu Chen
Hi Stephan, thanks for your reply, On Wed, May 23, 2018 at 1:43 AM Stephan Mueller wrote: > Am Dienstag, 22. Mai 2018, 05:00:40 CEST schrieb Yu Chen: > Hi Yu, > > Hi all, > > The request is that, we'd like to generate a symmetric key derived from > > user provi

PBKDF2 support in the linux kernel

2018-05-21 Thread Yu Chen
Hi all, The request is that, we'd like to generate a symmetric key derived from user provided passphase(not rely on any third-party library). May I know if there is a PBKDF2(Password-Based Key Derivation Function 2) support in the kernel? (https://tools.ietf.org/html/rfc2898#5.2) We have hmac sha1