Hi Randy, On Wed, Sep 12, 2018 at 09:24:38AM -0700, Randy Dunlap wrote: > Hi, > > On 9/12/18 7:23 AM, Lee, Chun-Yi wrote: > > diff --git a/kernel/power/Kconfig b/kernel/power/Kconfig > > index 7c5c30149dbc..3c998fd6dc4c 100644 > > --- a/kernel/power/Kconfig > > +++ b/kernel/power/Kconfig > > @@ -90,6 +90,17 @@ config HIBERNATION_ENC_AUTH > > master key of hibernation. The TPM trusted key depends on TPM. The > > security of user defined key relies on user space. > > > > +config HIBERNATION_ENC_AUTH_FORCE > > + bool "Require hibernate snapshot image to be validly signed" > > + depends on HIBERNATION_ENC_AUTH > > + help > > + This option will prevent that a snapshot image without (valid) > > + signature be restored. Without this option, a unauthenticated > > an > > > + snapshot image can be restored but the restored kernel will be > > + tainted. Which also means that the hibernation can be triggered > > s/Which/This/ > > or like this: > tainted, which also >
Thanks for your review and suggestion! I will update the description in next version. Regards Joey Lee
