Google Working On Linux Encrypted Hibernation Support
Written by Michael Larabel in Google on 5 May 2022 at 07:18 AM EDT. 10 Comments
GOOGLE --
Google engineers are working on encrypted hibernation support for the Linux kernel as part of offering strong hibernation support for Google Chromebook usage.

Google engineers are working on "enabling hibernation in some new scenarios" but to do so safely. Besides taking preventative measures to ensure malicious user-space can't use hibernation as a stepping stone to kernel escalation, the Google security team is also mandating encrypted hibernation. The communication reads, "The hibernate image must be encrypted with protection derived from both the platform (eg TPM) and user authentication data (eg password)."

The uswsusp user-space software can be used for encryption support for during suspend, but that fails to meet Google's security requirements where the kernel can guarantee the integrity of the hibernation image. Being pursued now by Google is kernel-based encryption, support for using TPM-backed keys to encrypt the hibernate image, sealing the encryption key with a PCR policy, and other work to ensure the encrypted hibernate image can be trusted.
A couple of patches still need to be written on top of this series. The generalized functionality to OR in additional PCRs via Kconfig (like PCR 0 or 5) still needs to be added. We'll also need a patch that disallows unencrypted forms of resume from hibernation, to fully close the door to malicious userspace. However, I wanted to get this series out first and get reactions from upstream before continuing to add to it.

Those potentially interested in Linux encrypted hibernation support can find the initial patch series on the kernel mailing list.
Related News
About The Author
Author picture

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week