Announcement

Collapse
No announcement yet.

Google Posts Updated Encrypted Hibernation Patches For Linux

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Google Posts Updated Encrypted Hibernation Patches For Linux

    Phoronix: Google Posts Updated Encrypted Hibernation Patches For Linux

    Back in May there was a patch series by Google engineers working on encrypted hibernation support for Linux that would be protected by the platform hardware itself like with a TPM module as well as user authentication by a password or other means. Sent out today is a second revision to that Linux encrypted hibernation support...

    https://www.phoronix.com/news/Linux-...Hibernation-v2

  • #2
    Nice, that would allow us to have Hibernation when SecureBoot is enabled

    Comment


    • #3
      Am i the only one starting trust google not more than microsoft ?

      Comment


      • #4
        Originally posted by Bigon View Post
        Nice, that would allow us to have Hibernation when SecureBoot is enabled
        But it works already?
        Full disk encryption, etc. ...

        Comment


        • #5
          Originally posted by Svyatko View Post

          But it works already?
          Full disk encryption, etc. ...
          Suspend to disk (hibernation) is disabled when you have SecureBoot. You only have suspend to RAM in that case.

          The reason is that somebody could read and/or modify the content of the RAM

          Comment


          • #6
            Why would you use unecrypted swap at all if security is a concern? Linux doesn't swap out kernel memory (unlike Windows IIRC), but if you're unlucky it'll still happily write out your passwords or private SSH keys to swap. Which are then readable upon reboot by anyone who cares enough to take a look. Security for me, but not for thee.

            So yeah, I don't see the point of this. Either you are paranoid enough for encrypted swap or you don't give enough of a shit to care about either case.

            And no, Secure Boot doesn't prevent hibernation. I use Secure Boot (with my own keys) all the time and I can hibernate just fine. What prevents hibernation is probably kernel lockdown which is an entirely different mechanism which also prevents loading unsigned (your own) modules or undervolting, among other things. I consider this quite offensive. It's more draconian than Windows in some ways. Anyway... In theory you might even enable kernel lockdown without SB. I haven't tried, but I don't see why not.

            Comment


            • #7
              I wonder if ChromeOS has any backdoors in its encrypted home implementation. I have a Chromebook but I don't know how much I trust its disk encryption compared to Linux or *BSD FDE. ChromeOS encryption feels somewhat like encryption in Windows.

              Comment


              • #8
                Originally posted by Bigon View Post

                Suspend to disk (hibernation) is disabled when you have SecureBoot. You only have suspend to RAM in that case.
                Suspend to disk works fine for me with SecureBoot on, both on this mini PC as well as my previous PC, which was a laptop even.

                Comment


                • #9
                  Originally posted by usta View Post
                  Am i the only one starting trust google not more than microsoft ?
                  Google has been worse than Microsoft for quite some time now. And the frightening thing is that while Microsoft is still improving somewhat, Google keeps getting worse.

                  Comment


                  • #10
                    Originally posted by usta View Post
                    Am i the only one starting trust google not more than microsoft ?
                    Google: Does good thing
                    Everyone: Remember all the evil things Google does? Aren't they awful?

                    Comment

                    Working...
                    X