Re: [PATCH 13/18] Hibernate: Avoid S4 sign key data included in snapshot image

於 日，2013-08-25 於 18:39 +0200，Pavel Machek 提到： On Thu 2013-08-22 19:01:52, Lee, Chun-Yi wrote: This patch add swsusp_page_is_sign_key() method to hibernate_key.c and check the page is S4 sign key data when collect saveable page in snapshot.c to avoid sign key data included in snapshot image.

Re: [PATCH 03/18] asymmetric keys: separate the length checking of octet string from RSA_I2OSP

On Mon, 26 Aug 2013, Pavel Machek wrote: Due to RSA_I2OSP is not only used by signature verification path but also used in signature generation path. So, separate the length checking of octet string because it's not for generate 0x00 0x01 leading string when used in

Re: [PATCH] kernel/padata.c: Register hotcpu notifier after initialization

On Fri, Aug 23, 2013 at 01:12:33PM +0200, Richard Weinberger wrote: padata_cpu_callback() takes pinst-lock, to avoid taking an uninitialized lock, register the notifier after it's initialization. Signed-off-by: Richard Weinberger rich...@nod.at Looks ok, Acked-by: Steffen Klassert

Re: [PATCH 15/18] Hibernate: adapt to UEFI secure boot with signature check

於 日，2013-08-25 於 18:42 +0200，Pavel Machek 提到： On Thu 2013-08-22 19:01:54, Lee, Chun-Yi wrote: In current solution, the snapshot signature check used the RSA key-pair that are generated by bootloader(e.g. shim) and pass the key-pair to kernel through EFI variables. I choice to binding the

Re: [PATCH 17/18] Hibernate: introduced SNAPSHOT_SIG_HASH config for select hash algorithm

於 日，2013-08-25 於 18:43 +0200，Pavel Machek 提到： On Thu 2013-08-22 19:01:56, Lee, Chun-Yi wrote: This patch introduced SNAPSHOT_SIG_HASH config for user to select which hash algorithm will be used during signature generation of snapshot. v2: Add define check of

Re: [PATCH 11/18] Hibernate: introduced RSA key-pair to verify signature of snapshot

@@ -1205,6 +1290,10 @@ struct boot_params *efi_main(void *handle, efi_system_table_t *_table, setup_efi_pci(boot_params); +#ifdef CONFIG_SNAPSHOT_VERIFICATION + setup_s4_keys(boot_params); +#endif + Move ifdef inside the function? OK, I will define a

Re: [PATCH 17/18] Hibernate: introduced SNAPSHOT_SIG_HASH config for select hash algorithm

On Tue 2013-08-27 18:22:17, joeyli wrote: 於 日，2013-08-25 於 18:43 +0200，Pavel Machek 提到： On Thu 2013-08-22 19:01:56, Lee, Chun-Yi wrote: This patch introduced SNAPSHOT_SIG_HASH config for user to select which hash algorithm will be used during signature generation of snapshot. v2:

Re: [PATCH 11/18] Hibernate: introduced RSA key-pair to verify signature of snapshot

On Tue, 27 Aug 2013, 13:29:43 +0200, Pavel Machek wrote: @@ -1205,6 +1290,10 @@ struct boot_params *efi_main(void *handle, efi_system_table_t *_table, setup_efi_pci(boot_params); +#ifdef CONFIG_SNAPSHOT_VERIFICATION + setup_s4_keys(boot_params);

Re: [PATCH 17/18] Hibernate: introduced SNAPSHOT_SIG_HASH config for select hash algorithm

於 二，2013-08-27 於 13:30 +0200，Pavel Machek 提到： On Tue 2013-08-27 18:22:17, joeyli wrote: 於 日，2013-08-25 於 18:43 +0200，Pavel Machek 提到： On Thu 2013-08-22 19:01:56, Lee, Chun-Yi wrote: This patch introduced SNAPSHOT_SIG_HASH config for user to select which hash algorithm will be used

Re: [PATCH 11/18] Hibernate: introduced RSA key-pair to verify signature of snapshot

於 二，2013-08-27 於 13:29 +0200，Pavel Machek 提到： @@ -1205,6 +1290,10 @@ struct boot_params *efi_main(void *handle, efi_system_table_t *_table, setup_efi_pci(boot_params); +#ifdef CONFIG_SNAPSHOT_VERIFICATION + setup_s4_keys(boot_params); +#endif

Re: [PATCH 11/18] Hibernate: introduced RSA key-pair to verify signature of snapshot

On Tue 2013-08-27 14:01:42, Manfred Hollstein wrote: On Tue, 27 Aug 2013, 13:29:43 +0200, Pavel Machek wrote: @@ -1205,6 +1290,10 @@ struct boot_params *efi_main(void *handle, efi_system_table_t *_table, setup_efi_pci(boot_params); +#ifdef