Google Working On Linux Encrypted Hibernation Support
Google engineers are working on encrypted hibernation support for the Linux kernel as part of offering strong hibernation support for Google Chromebook usage.
Google engineers are working on "enabling hibernation in some new scenarios" and want to do so safely. Besides taking preventative measures to ensure malicious user-space can't use hibernation as a stepping stone to kernel escalation, the Google security team is also mandating encrypted hibernation. The communication reads, "The hibernate image must be encrypted with protection derived from both the platform (eg TPM) and user authentication data (eg password)."
The uswsusp user-space software can provide encryption support during suspend, but it fails to meet Google's security requirements, under which the kernel can guarantee the integrity of the hibernation image. Google is now pursuing kernel-based encryption, support for using TPM-backed keys to encrypt the hibernate image, sealing of the encryption key with a PCR policy, and other work to ensure the encrypted hibernate image can be trusted.
Those potentially interested in Linux encrypted hibernation support can find the initial patch series on the kernel mailing list.
A couple of patches still need to be written on top of this series. The generalized functionality to OR in additional PCRs via Kconfig (like PCR 0 or 5) still needs to be added. We'll also need a patch that disallows unencrypted forms of resume from hibernation, to fully close the door to malicious userspace. However, I wanted to get this series out first and get reactions from upstream before continuing to add to it.
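How sealing a key with a PCR policy ties it to measured platform state, modeled in pure Python as an added example (not code from the patch series or from this article). The digest layout follows the TPM 2.0 PolicyPCR computation; the use of PCRs 0 and 5, the sample measurements and all helper names are assumptions for illustration.

```python
import hashlib
import struct

TPM_ALG_SHA256 = 0x000B          # TPM 2.0 algorithm ID for the SHA-256 PCR bank
TPM_CC_POLICY_PCR = 0x0000017F   # TPM 2.0 command code of TPM2_PolicyPCR

def sha256(data):
    return hashlib.sha256(data).digest()

def pcr_extend(old, measurement):
    """PCR extend: new = H(old || H(measurement)). A PCR cannot be set directly."""
    return sha256(old + sha256(measurement))

def pcr_selection(indices):
    """Marshal a TPML_PCR_SELECTION: one SHA-256 bank with a 3-byte PCR bitmap."""
    bitmap = bytearray(3)
    for i in indices:
        bitmap[i // 8] |= 1 << (i % 8)
    return struct.pack(">IHB", 1, TPM_ALG_SHA256, 3) + bytes(bitmap)

def policy_pcr_digest(pcrs, indices):
    """policyDigest = H(zero digest || TPM_CC_PolicyPCR || selection || H(PCR values))."""
    values = b"".join(pcrs[i] for i in sorted(indices))
    return sha256(bytes(32) + struct.pack(">I", TPM_CC_POLICY_PCR)
                  + pcr_selection(indices) + sha256(values))

def seal(key, pcrs, indices):
    # A real TPM returns an encrypted blob; a dict stands in for it in this model.
    return {"key": key, "indices": tuple(indices),
            "policy": policy_pcr_digest(pcrs, indices)}

def unseal(sealed, pcrs):
    """Release the key only if the current PCRs reproduce the sealed policy digest."""
    current = policy_pcr_digest(pcrs, sealed["indices"])
    return sealed["key"] if current == sealed["policy"] else None

def boot(firmware, partition_table):
    """Constructed sample boot that measures into PCR 0 and PCR 5."""
    pcrs = {i: bytes(32) for i in range(24)}
    pcrs[0] = pcr_extend(pcrs[0], firmware)
    pcrs[5] = pcr_extend(pcrs[5], partition_table)
    return pcrs

def demo():
    sealed = seal(b"\x11" * 32, boot(b"firmware-v1", b"gpt-layout-A"), (0, 5))
    same = unseal(sealed, boot(b"firmware-v1", b"gpt-layout-A"))
    changed = unseal(sealed, boot(b"firmware-v2", b"gpt-layout-A"))
    return same, changed   # key released only for the identical measured state

print(demo())
```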