From 7878b466ced5cd807db8cc12eb580220890c220f Mon Sep 17 00:00:00 2001
From: "Lee, Chun-Yi" <jlee@suse.com>
Date: Tue, 12 Dec 2017 18:01:42 +0800
Subject: [PATCH 09/11] PM / hibernate: prevent EFI secret key to be
regenerated
Patch-mainline: Never, SUSE-specific
References: fate#316350
Because hibernation verification relies on EFI secret key. Which means
that the secret key can not be changed when system runs into hibernation.
So, the EFI secret key regenerate flag must be removed when hibernation.
Joey Lee:
The EFI secure key mechanism be rejected by kernel upstream because
- The entropy inputs in EFI boot stage are too weak for key generation.
- SLE applied RDRAND (x86) or EFI_RNG_PROTOCOL to grab stronger entropy.
- The UEFI variable store was not designed with confidentiality in mind.
Secure boot relies on Microsoft's Business interests. Microsoft doesn't
use UEFI variables for confidentiality, so we shouldn't either.
References: https://lkml.org/lkml/2018/8/5/10
Signed-off-by: Lee, Chun-Yi <jlee@suse.com>
---
kernel/power/hibernate.c | 1 +
kernel/power/user.c | 3 +++
2 files changed, 4 insertions(+)
--- a/kernel/power/hibernate.c
+++ b/kernel/power/hibernate.c
@@ -710,6 +710,7 @@ int hibernate(void)
pm_pr_dbg("Hibernation not available.\n");
return -EPERM;
}
+ efi_skey_stop_regen();
error = snapshot_create_trampoline();
if (error)
--- a/kernel/power/user.c
+++ b/kernel/power/user.c
@@ -22,6 +22,7 @@
#include <linux/cpu.h>
#include <linux/freezer.h>
#include <linux/security.h>
+#include <linux/efi.h>
#include <linux/uaccess.h>
@@ -347,6 +348,7 @@ static long snapshot_ioctl(struct file *
error = -EPERM;
break;
}
+ efi_skey_stop_regen();
/*
* Tasks are frozen and the notifiers have been called with
* PM_HIBERNATION_PREPARE
@@ -360,6 +362,7 @@ static long snapshot_ioctl(struct file *
break;
case SNAPSHOT_POWER_OFF:
+ efi_skey_stop_regen();
if (data->platform_support)
error = hibernation_platform_enter();
break;