From ba4074484d792ae861f7a0133951ad299c16d56c Mon Sep 17 00:00:00 2001
From: "Lee, Chun-Yi" <jlee@suse.com>
Date: Wed, 13 Dec 2017 18:34:58 +0800
Subject: [PATCH 11/11] PM / hibernate: require hibernate snapshot image to be
 validly signed when kernel is locked down
Patch-mainline: Never, SUSE-specific
References: fate#316350

When the kernel is locked down, the snapshot must be signed by secret
key. Kernel should stops whole resuming process when the snapshot is
unsigned or signed by wrong key. If the efi secret key is invalid
(when secure boot is disabled), the hibernation function will be locked
down.

Joey Lee:
This patch will be replaced after hibernation encryption with TPM
is ready on mainline. It needs some big changes after review by
upstream:
 - Simplify the design: remove keyring dependency and trampoline.
 - Encrypted whole snapshot image instead of only data pages.
 - Using TPM:
        - Direct use TPM API in hibernation instead of keyring
        - Localities (suggested by James Bottomley)

References: https://lkml.org/lkml/2019/1/3/281
Signed-off-by: Lee, Chun-Yi <jlee@suse.com>
---
 kernel/power/hibernate.c |   16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

--- a/kernel/power/hibernate.c
+++ b/kernel/power/hibernate.c
@@ -83,9 +83,19 @@ void hibernate_release(void)
 
 bool hibernation_available(void)
 {
-	return nohibernate == 0 &&
-		!security_locked_down(LOCKDOWN_HIBERNATION) &&
-		!secretmem_active();
+	if (nohibernate != 0 || secretmem_active())
+		return false;
+
+	if (security_locked_down(LOCKDOWN_HIBERNATION) || snapshot_is_enforce_verify()) {
+		snapshot_set_enforce_verify();
+		if (get_efi_secret_key())
+			return true;
+		else
+			pr_warn("the secret key is invalid\n");
+		return false;
+	} else {
+		return true;
+	}
 }
 
 /**