Linux Kernel Support Revived For Hibernation Encryption & Authentication
Kernel work has been revived to support encryption and authentication of hibernation snapshot images for better security.
Last summer an Intel developer posted patches supporting in-kernel hibernation encryption so that the memory pages dumped to disk during the hibernate process could be secured and verified on resume. We hadn't seen anything from that patch series in the months since, but now SUSE's Lee Chun-Yi has sent out a revised version of this work for encryption/authentication of hibernation images.
The goal of this work remains to ensure that any snapshot images were not modified while on disk. The authentication can be done using a TPM's trusted key or a user-defined key.
The "V2" patches offer up several fixes, no longer rely upon variable-length arrays (VLAs), which have since been dropped from the upstream Linux kernel, add memory barriers, and make other code improvements.
It's too late for this functionality to be added during the Linux 4.21 kernel merge window, but perhaps it will be good to go for the next cycle. Those interested in learning more about this encryption support for Linux hibernation can find additional details via the V2 patch series.