Hi! > > > Note if someone has your laptop and the ability to boot their own > > > kernels, they could always corrupt the kernel into decrypting the > > > image or giving you the unsealed key, but there's no real way of > > > preventing that even with PCR sealing or lockdown, so the basis for > > > the threat model is very much my laptop in my possession running my > > > kernel. > > > > I'm not entirely sure I agree. With a TPM-aware bootloader, it > > really ought to be possible to seal to PCRs such that a corrupted > > kernel can't restore the image. Obviously a *compromised* but > > otherwise valid kernel will be able to restore the image. > > It is possible to seal the key so that only the same booted kernel can > restore the image, yes. One of the measurements that goes into the > boot log is the hash of the kernel and you can seal to this value ... > obviously if you upgrade your kernel RPM (or shim or grub) this value > changes and you'd lose the ability to restore the hibernated image, but > since the image is very kernel specific, that's probably OK.
Non-ancient kernels actually support hibernation by one kernel and
restore by another one.
But yes, normally it is same kernel binary doing hibernation and
restore.
Pavel
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures)
http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
signature.asc
Description: Digital signature
