In last hackweek, I implemented a RSA private key parser in kernel: https://github.com/SUSE/hackweek/wiki/RSA-private-key-parser-in-kernel

Then base on this parser, implemented hibernate signature verification, sent to kernel upstream: https://lkml.org/lkml/2013/9/14/183 https://github.com/joeyli/linux-s4sign

After discussion in LPC 2013, I got more idea from upstream experts for using symmetric key to implement hibernate signature check function. It's easier than using PKI and do not need shim's help to generate private key.

My plan is using HMAC, generating key in EFI stub and using it to sign hibernate image when S4 launched.

Result: Patch for generate/verify hibernate signature by HMAC https://github.com/joeyli/linux-s4sign/commit/8e01cd36e45115dd400b8eab4ff666ea4cdaa854

Looking for mad skills in:

hibernate

This project is part of:

Hack Week 11

Activity

  • about 5 years ago: dsterba liked Hibernate signature verification - Symmetric key edition
  • about 5 years ago: dsterba liked Hibernate signature verification - Symmetric key edition
  • about 5 years ago: dsterba liked Hibernate signature verification - Symmetric key edition
  • about 5 years ago: froh liked Hibernate signature verification - Symmetric key edition
  • about 5 years ago: duwe liked Hibernate signature verification - Symmetric key edition
  • Show History

    Comments

    Be the first to comment!

    Similar Projects

    This project is one of its kind!