In last hackweek, I implemented a RSA private key parser in kernel: https://github.com/SUSE/hackweek/wiki/RSA-private-key-parser-in-kernel

Then base on this parser, implemented hibernate signature verification, sent to kernel upstream: https://lkml.org/lkml/2013/9/14/183 https://github.com/joeyli/linux-s4sign

After discussion in LPC 2013, I got more idea from upstream experts for using symmetric key to implement hibernate signature check function. It's easier than using PKI and do not need shim's help to generate private key.

My plan is using HMAC, generating key in EFI stub and using it to sign hibernate image when S4 launched.

Result: Patch for generate/verify hibernate signature by HMAC https://github.com/joeyli/linux-s4sign/commit/8e01cd36e45115dd400b8eab4ff666ea4cdaa854

#### Looking for mad skills in:

hibernate

#### This project is part of:

Hack Week 11

#### Activity

*over 5 years ago:*dsterba liked Hibernate signature verification - Symmetric key edition

*over 5 years ago:*dsterba liked Hibernate signature verification - Symmetric key edition

*over 5 years ago:*dsterba liked Hibernate signature verification - Symmetric key edition

*over 5 years ago:*froh liked Hibernate signature verification - Symmetric key edition

*over 5 years ago:*duwe liked Hibernate signature verification - Symmetric key edition

#### Comments

Be the first to comment!

#### Similar Projects

This project is one of its kind!