Hi, Fedora Workstation working group has been investigating the working state of hibernation (suspend to disk) for about four months, and has produced a draft status report on the findings so far. Present status, impediments to support, and importantly, the specifics of how to address those impediments, are described. This is a draft, to reflect on-going work in this area. It's intended to be short and consumable. Suggestions welcome. I include the synopsis below for better visibility and list search. https://pagure.io/fedora-workstation/blob/master/f/hibernationstatus.md --- Synopsis: The Fedora Workstation working group recognizes hibernation can be useful, but due to impediments it's currently not practical to support it. This is a recognition of the current state of affairs, but the working group wishes hibernation could be relied upon, and thinks there is a viable approach for limited support of hibernation in the future. We encourage interested parties to pursue the needed improvements. In the meantime, given that hibernation isn't currently viable, the workstation WG decides that technical decisions will not be constrained by it. Decisions about Workstation's 'out of the box' configuration might conflict with the requirements of hibernation. There are desired enhancements to performance and security that are hindered by the status quo. The working group will re-evaluate when the significant impediments have been adequately addressed. We will support an install time means of enabling hibernation retained via Custom partitioning. If the user chooses to create a swap partition, the installer will include a resume=UUID kernel parameter hint so that the kernel can find the hibernation image.

On Fri, May 29, 2020 at 6:06 PM John M. Harris Jr <johnmh(a)splentity.com&gt; wrote: > > > I'm sorry, but this makes absolutely no sense. Disliking the story is not the same thing as it not making sense. There isn't much I can do about the former, but if you have a specific area where there is a lack of clarity, I'll try to clear it up.

>You can test hibernation right > now, and it will work. When you boot back up, it'll have everything just > as you left it. What systems is it broken on, those with Secure Boot? Not broken, disabled. That's the policy both upstream and in Fedora.

> I've just taken a Lenovo T500, installed GNOME Workstation and gone into > hibernation. It took about 30 seconds to boot back in, but I was right > where I left off. What exactly is broken, and for what portion of users? I don't know the Lenovo T500 firmware setup defaults. If it conforms to Microsoft Windows (8 or later) hardware certification specifications, then UEFI Secure Boot is enabled by default. And it mean you changed the defaults to get the results you're experiencing, thereby disabling a significant feature the Fedora invested significant resources to explicitly support.

I don't know whether or when there will be any changes to UI. I think it's already conditional now. The option to hibernate appears in the GUI on my test system that can hibernate and doesn't appear on the systems it's not supported on.

I only see it in the "Power Button Action" menu.

Am 30.05.20 um 09:36 schrieb Chris Murphy: > > It's a security risk that is incompatible with having UEFI Secure Boot enabled. > > The entire point of UEFI Secure Boot is to ensure cryptographic > verification that the kernel you're running is in fact a Fedora built > and signed kernel. Since resuming from hibernation completely replaces > memory contents with that of the image, if the hibernation image isn't > cryptographically signed too, it's an attack vector that permits > arbitrary code execution, including even in the kernel. > > Anything you put unencrypted on a disk, is insecure. If you don't run full disk encryption, nothing stops an attacker from simply change whatever he likes on disk right away.

On 20-05-30 21:02:11, Chris Murphy wrote: ... > Full disk encryption doesn't adequately secure the hibernation image > either. Authenticated encryption (signing as well as encryption) is > needed to verify the image hasn't been tampered. What can an attacker do other than corrupt the data? It is encrypted.

With tamper detection, does a single bit changed deny the use of the hibernated image?

In either case, what can an attacker accomplish?

> The upstream work, cited in the document, gets into the details, > and what additional work is needed for the next revision. Which reference is that? #5? It seemed short.

On Sunday, May 31, 2020 11:45:40 AM MST Chris Murphy wrote: > On Sat, May 30, 2020 at 9:26 PM Tony Nelson > <tonynelson(a)georgeanelson.com&gt; wrote: > > > > > > > On 20-05-30 21:02:11, Chris Murphy wrote: > > > > ... > > > > > Full disk encryption doesn't adequately secure the hibernation image > > > either. Authenticated encryption (signing as well as encryption) is > > > needed to verify the image hasn't been tampered. > > > > > > > > What can an attacker do other than corrupt the data? It is encrypted. > > > You don't know, and neither do I. That's the problem. We do know. Nothing, really.

A good option until then is to just take unsigned hibernation images and work like literally every other system. There's no reason to take away this functionality.

On 6/2/20 9:25 PM, Chris Murphy wrote: > On Tue, Jun 2, 2020 at 8:33 PM John M. Harris Jr <johnmh(a)splentity.com&gt; wrote: >> >> On Sunday, May 31, 2020 11:45:40 AM MST Chris Murphy wrote: >>> On Sat, May 30, 2020 at 9:26 PM Tony Nelson >>> <tonynelson(a)georgeanelson.com&gt; wrote: >>> >>>> >>>> >>>> On 20-05-30 21:02:11, Chris Murphy wrote: >>>> >>>> ... >>>> >>>>> Full disk encryption doesn't adequately secure the hibernation image >>>>> either. Authenticated encryption (signing as well as encryption) is >>>>> needed to verify the image hasn't been tampered. >>>> >>>> >>>> >>>> What can an attacker do other than corrupt the data? It is encrypted. >>> >>> >>> You don't know, and neither do I. That's the problem. >> >> We do know. Nothing, really. > > You do not know the attacker, when possession was lost, what the > attacker knows, or how long they have access to ciphertext. And that's > because the attack hasn't happened yet. Yet you assert omniscience. > Gotcha. I don't understand this concern either. How is it different than any encrypted filesystem? If you don't trust the encryption, then what's the point? What's the difference between an encrypted filesystem and an encrypted hibernation image that makes the image so insecure?

Am 03.06.20 um 07:27 schrieb Chris Murphy: > You trust the encryption only to provide confidentiality of your data > from the attacker. Not as a means of detecting an attack on your data. > And also this isn't really just user data, the hibernation image is > the kernel. If it's really compromised, it's a complete end run around > the guarantees of Secure Boot so necessarily it can't be weaker than > that implementation or the whole implementation is weakened. If it's > easier to exploit via the hibernation image, that's what attackers > will do. > making an unencrypted image tamper safe by signing it, is just unnecessary work frpm the POV of security as it stays insecure: a) an attacker can read the content and gain informations b) he can change the data on disk and just wait for a reboot. Signing the image for the pure integrity of the data structures to be (technically) "safe" to load is a whole different story and a gerneral good idea. But don't mix "safe" with "secure", it's not secure.

On Thu, 4 Jun 2020 10:13:59 -0600 Chris Murphy <lists(a)colorremedies.com&gt; wrote: > Also, as it relates to authenticated encrypted hibernation images, the > upstream proposal is that since hibernation images can exist anywhere, > they should always be encrypted independently from swap, and therefore > not depend on whether swap is encrypted or how. Just following the conversation for information purposes, but I have questions. If systemd-boot were to be used as boot service, could the hibernate image be written to /boot/efi in place of the kernel and initramfs, or in parallel? Would systemd-boot be able to use it? Would that satisfy the encrypted and signed requirements?

On Fri, May 29, 2020 at 9:12 PM John M. Harris Jr <johnmh(a)splentity.com&gt; wrote: > > > On Friday, May 29, 2020 5:25:23 PM MST Chris Murphy wrote: > > > On Fri, May 29, 2020 at 6:06 PM John M. Harris Jr > > <johnmh(a)splentity.com&gt; > > >You can test hibernation right > > > > > > now, and it will work. When you boot back up, it'll have everything > > > just > > > as you left it. What systems is it broken on, those with Secure Boot? > > > > > > > > Not broken, disabled. That's the policy both upstream and in Fedora. > > > > Then why not just re-enable it? Why in the world is it disabled? It's a security risk that is incompatible with having UEFI Secure Boot enabled.

The entire point of UEFI Secure Boot is to ensure cryptographic verification that the kernel you're running is in fact a Fedora built and signed kernel. Since resuming from hibernation completely replaces memory contents with that of the image, if the hibernation image isn't cryptographically signed too, it's an attack vector that permits arbitrary code execution, including even in the kernel. I will add a footnote clarifying this in draft 2. The proper enhancement is signed and encrypted hibernation images. If people want this to work, it's highly recommended they look into picking up the stalled work in this area. There is hardware attrition under way. And that means hibernation is getting tested less and less, with fewer kernel and desktop bug reports. And testers. It's a real going-concern problem. >If it's > > disabled, why did it work when I ran `systemctl hibernate`? Why does it > work with KDE Spin out of box? Your system doesn't have UEFI Secure Boot or it isn't enabled. With Secure Boot enabled, hibernation is one of many things that is subject to kernel lockdown across all of Fedora products including KDE. https://lwn.net/Articles/706637/ > I asked above, but it wasn't answered, and your answer to this has me a > bit confused. Is Secure Boot the issue that is blocking resume from > working properly? If so, I can ensure that Secure Boot is enabled on the > hardware that supports it, and try hibernation there. UEFI Secure Boot does not do the blocking. But it is used to enable the kernel lockdown policy, and the lockdown policy inhibits various things including hibernation. Specifically it will block both hibernation entry and resume. [ 0.850908] Lockdown: swapper/0: hibernation is restricted; see man kernel_lockdown.7 $ sudo systemctl hibernate Failed to hibernate system via logind: Sleep verb "hibernate" not supported Which also results in this: [109941.217325] Lockdown: systemd-logind: hibernation is restricted; see man kernel_lockdown.7 > > > Regardless, if that's the case, wouldn't it make more sense to keep > hibernation available in the UI where it's supported well, the systems > without Secure Boot? A trivial check for that could be false if BIOS, > and false if efivars doesn't show that it was booted with secure boot. I don't know whether or when there will be any changes to UI. I think it's already conditional now. The option to hibernate appears in the GUI on my test system that can hibernate and doesn't appear on the systems it's not supported on. -- Chris Murphy

I would expect that using an encrypted partition for swap should be sufficient to allow it though.

On Tuesday, June 2, 2020 9:45:45 PM MST Chris Murphy wrote: > On Tue, Jun 2, 2020 at 10:28 PM Samuel Sieb <samuel(a)sieb.net&gt; wrote: > > > > > I would expect that using an encrypted partition for swap should be > > sufficient to allow it though. > > Unfortunately not. Encryption provides no integrity or authenticity. > The original set of patches for signed and authenticated hibernation > images called for the use of an HMAC for signing, and upstream > considered this insufficient and asked why not use AES-GCM to provide > a real AE (authenticated encryption) model. In what way do you believe it's not sufficient?

> Not only is encryption alone inadequate, the signature verification > model should ensure that the hibernation image being restored was > created by the computer it is being restored to. Why?

> I am not a cryptographer. And I can't do a better job of explaining > it. But it's a problem. And my disappointment isn't relevant to the > security issue. It's relevant from a UX perspective I suppose. It's a severe UX issue that you cannot use a standard feature of normal systems, hibernation.

> But, I've also just spent two days trying to track down a new > hibernation bug, resulting in fatal hibernation entry. Even without > the Secure Boot issue, hibernation can be a problem that requires > resources that are not finite. I had this working reliably several > months ago, and I've exhausted my time and interest for now doing > kernel regression testing and have literally no idea why it's > consistently failing now. On three machines (one is a VM). I did > report it upstream, I haven't gotten a reply yet (normal). > > There are two emails, bottom one is the first. > https://lore.kernel.org/linux-pm/CAJCQCtQVGqxtZZTRgscT7e4inTacAd7KAmoNOz3gB4 > Hf1Nkp0w(a)mail.gmail.com/ > -- > Chris Murphy -- John M. Harris, Jr. _______________________________________________ devel mailing list -- devel(a)lists.fedoraproject.org To unsubscribe send an email to devel-leave(a)lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org

On Wed, Jun 3, 2020 at 1:07 PM Simo Sorce <simo(a)redhat.com&gt; wrote: > On Tue, 2020-06-02 at 21:58 -0700, John M. Harris Jr wrote: > > On Tuesday, June 2, 2020 9:45:45 PM MST Chris Murphy wrote: > > > On Tue, Jun 2, 2020 at 10:28 PM Samuel Sieb <samuel(a)sieb.net&gt; wrote: > > > > > > > I would expect that using an encrypted partition for swap should be > > > > sufficient to allow it though. > > > > > > Unfortunately not. Encryption provides no integrity or authenticity. > > > The original set of patches for signed and authenticated hibernation > > > images called for the use of an HMAC for signing, and upstream > > > considered this insufficient and asked why not use AES-GCM to provide > > > a real AE (authenticated encryption) model. > > > > In what way do you believe it's not sufficient? > > AES GCM Is generally *not* a good algorithm for disk encryption so I am > not sure why this is being brought up, HMAC is sufficient to verify > integrity. I don't know either. This is the discussion I'm referring to, for full context: https://lkml.org/lkml/2019/1/9/828

On Tue, 2020-06-02 at 21:58 -0700, John M. Harris Jr wrote: > On Tuesday, June 2, 2020 9:45:45 PM MST Chris Murphy wrote: > > > On Tue, Jun 2, 2020 at 10:28 PM Samuel Sieb <samuel(a)sieb.net&gt; wrote: > > > > > > > > > > I would expect that using an encrypted partition for swap should be > > > sufficient to allow it though. > > > > > > Unfortunately not. Encryption provides no integrity or authenticity. > > The original set of patches for signed and authenticated hibernation > > images called for the use of an HMAC for signing, and upstream > > considered this insufficient and asked why not use AES-GCM to provide > > a real AE (authenticated encryption) model. > > > In what way do you believe it's not sufficient? AES GCM Is generally *not* a good algorithm for disk encryption so I am not sure why this is being brought up, HMAC is sufficient to verify integrity.

In any case the problem is that adding integrity protection cannot be done w/o losing some space on the disk, as you need to save the integrity tag/hmac. As to why just encryption is not sufficient that is because you can easily play a number of replay attacks, corruption attacks, and potentially even sectors-wap attacks with naive encryption schemes. This can be sufficient to generate an attack vector in certain circumstance once the machine boots up again. (As an hypotetical if the attacker is able to observe which sector contains the passwd file and can corrupt it or replace it with other content that effectively gives it access with a known secret or a blank password or whatnot, or maybe it can create corruption in the kernel in such a way that it causes the machine to display a OOM that reveals encryption keys, or... the possibilities are endless).

> > Not only is encryption alone inadequate, the signature verification > > model should ensure that the hibernation image being restored was > > created by the computer it is being restored to. > > > Why? Evil maid attacks. Because without a signature you could replace the whole image with a completely functional one that you fully control.

Boot the system with a hybernation image generated on identical hardware but with your own data, give your own decryption key, presto, as soon as the hybernation image is restored the system is running your image. From there you could be able to use, for example, keys stored in the TPM or simply you capture the real password for the real image as soon as the user returns to the machine to unlock it and transmit it, and now you have access to the original disk image and all its contents... Again, possibilities abound. > > I am not a cryptographer. And I can't do a better job of explaining > > it. But it's a problem. And my disappointment isn't relevant to the > > security issue. It's relevant from a UX perspective I suppose. > > > It's a severe UX issue that you cannot use a standard feature of normal > systems, hibernation. A way to deal with hybernation o secure boot would be to *measure* the hybernated image as the last action of hybernation and store the measure in TPM. Fail to restore on boot if the TPM fails to check the measured image. (Measure here effectively ends up being running an HMAC on the whole disk image you want to restore and storing the results in TPM).

> > But, I've also just spent two days trying to track down a new > > hibernation bug, resulting in fatal hibernation entry. Even without > > the Secure Boot issue, hibernation can be a problem that requires > > resources that are not finite. I had this working reliably several > > months ago, and I've exhausted my time and interest for now doing > > kernel regression testing and have literally no idea why it's > > consistently failing now. On three machines (one is a VM). I did > > report it upstream, I haven't gotten a reply yet (normal). > > > > There are two emails, bottom one is the first. > > https://lore.kernel.org/linux-pm/CAJCQCtQVGqxtZZTRgscT7e4inTacAd7KAmoNOz > > 3gB4 Hf1Nkp0w(a)mail.gmail.com/

In what way is it incompatible with UEFI Secure Boot?

initramfs are signed, and the resume image is for that kernel, how is this an issue?

What if swap is on LUKS?

If kernel lockdown is what disables this, we should look at fixing kernel lockdown so that it doesn't break hibernation. This is definitely a security decision that we shouldn't be imposing on the masses needlessly, in my opinion.

On Tuesday, June 2, 2020 10:52:07 PM MST Chris Murphy wrote: > On Tue, Jun 2, 2020 at 8:42 PM John M. Harris Jr <johnmh(a)splentity.com&gt; > > If kernel lockdown is what disables this, we should look at fixing kernel > > lockdown so that it doesn't break hibernation. This is definitely a > > security decision that we shouldn't be imposing on the masses > > needlessly, in my opinion. > > > Instead you propose imposing a loophole for attackers to easily deploy > malware needlessly. Do you really not see how this is an untenable > position for Fedora? In my opinion, the threat model you're proposing here is absurd. If people can create a valid kernel image that will be loaded from a LUKS container, we have bigger problems.

On Wednesday, June 3, 2020 12:08:44 AM MST Chris Murphy wrote:

> And if it's enabled, the more likely attack vector is sabotage to > induce a crash or corrupt user data, rather than malware injection. > Since you don't know the nature of the attack, and neither do I, > neither one of us knows when the corruption manifests or how. That would require physical access to begin with, and there are much more interesting things you can do once you have physical access.

On all desktop systems I've used both personally and in enterprise rollouts, there are pins you can short to give yourself access to the firmware configuration.

I don't understand why, or where, there's a preference for AES-GCM. If you're talking about using that for the boot image, you're just putting another key the user is going to have to enter in front of them, which you've previously complained about. Simply placing the key in the TPM is a bad idea, because that leads to the exact same issue described above with physical access. While it's true some implementations wipe the TPM when you reset the boot firmware's settings, most do not. At that point, you've got the key from the TPM, you've got the key needed to decrypt the image and you're now able to get to the data on that system.

On Wednesday, June 3, 2020 9:05:22 PM MST Chris Murphy wrote: > UEFI Secure Boot doesn't prevent you from gaining access to firmware > setup. It can cause some options in firmware setup to become > unavailable, e.g. compatibility support modules for presenting a > legacy BIOS. I'm skeptical that pin shorts permit you to gain access > to such things - but if so, it's clearly a vulnerability that should > be reported. This is by design. Generally, there's a marking on the silkscreen with something like "PWD" or "PASSWD" to mark it.

-----Original Message----- From: John M. Harris Jr <johnmh(a)splentity.com&gt; Sent: Friday, May 29, 2020 8:06 PM On Friday, May 29, 2020 3:58:26 PM MST Chris Murphy wrote: > Hi, > > Fedora Workstation working group has been investigating the working > state of hibernation (suspend to disk) for about four months, and has > produced a draft status report on the findings so far. Present status, > impediments to support, and importantly, the specifics of how to > address those impediments, are described. > > This is a draft, to reflect on-going work in this area. It's intended > to be short and consumable. Suggestions welcome. I include the > synopsis below for better visibility and list search. > > https://pagure.io/fedora-workstation/blob/master/f/hibernationstatus.md > > --- > > Synopsis: > > The Fedora Workstation working group recognizes hibernation can be > useful, but due to impediments it's currently not practical to support > it. This is a recognition of the current state of affairs, but the > working group wishes hibernation could be relied upon, and thinks > there is a viable approach for limited support of hibernation in the > future. We encourage interested parties to pursue the needed > improvements. In the meantime, given that hibernation isn't currently > viable, the workstation WG decides that technical decisions will not > be constrained by it. Decisions about Workstation's 'out of the box' > configuration might conflict with the requirements of hibernation. > There are desired enhancements to performance and security that are > hindered by the status quo. The working group will re-evaluate when > the significant impediments have been adequately addressed. > > We will support an install time means of enabling hibernation retained > via Custom partitioning. If the user chooses to create a swap > partition, the installer will include a resume=UUID kernel parameter > hint so that the kernel can find the hibernation image. I'm sorry, but this makes absolutely no sense. You can test hibernation right now, and it will work. When you boot back up, it'll have everything just as you left it. What systems is it broken on, those with Secure Boot? Is there something in GNOME that has changed in the past few releases which broke it? I've just taken a Lenovo T500, installed GNOME Workstation and gone into hibernation. It took about 30 seconds to boot back in, but I was right where I left off. What exactly is broken, and for what portion of users?

-----Original Message----- From: Zbigniew Jędrzejewski-Szmek <zbyszek(a)in.waw.pl&gt; Sent: Sunday, May 31, 2020 6:01 AM On Sat, May 30, 2020 at 12:31:26AM +0000, Mark Pearson wrote: > > I've just taken a Lenovo T500, installed GNOME Workstation and gone into > > hibernation. It took about 30 seconds to boot back in, but I was right where I > > left off. What exactly is broken, and for what portion of users? > > > I can vouch that hibernate doesn't work on a bunch of platforms (including > the three that are part of the Lenovo+Fedora release). This is with secure > boot disabled, big enough swap etc. On my X1C7 the device just shuts down > and then it's as if you power cycled it when you power on again. > > I started poking at it a bit (we even have a RH bug somewhere) but in the > end have gone with "hibernate isn't supported" as the way forward. Can you post the bugzilla number? (Even if it is not public, at least RH people can look at it.)

On 30.05.2020 00:58, Chris Murphy wrote: > We will support an install time means of enabling hibernation retained > via Custom partitioning. If the user chooses to create a swap > partition, the installer will include a resume=UUID kernel parameter > hint so that the kernel can find the hibernation image. I think, it will be okay, but only if user don't use LUKS full-disk encryption. Using an unencrypted swap is a serious security breach. Anyone can extract LUKS passphrase from it. N.B. Fedora has major issues with resuming from encrypted swap partitions.

On 30.05.2020 11:51, Iñaki Ucar wrote: > What are the issues? I have full-disk encryption and > suspend-then-hibernate enabled (with secure boot disabled, of course), > and it resumes from hibernation without issues. Do you have encrypted by LUKS swap partition? Fedora cannot resume from encrypted by random passphrase (parameter tmp from crypttab) swap partition.

> If your swap is in a luks partition with a static passphrase (and > secureboot is disabled) then hibernate works just fine.

The Fedora Workstation working group recognizes hibernation can be useful, but due to impediments it's currently not practical to support it.