In the last Hack Week, I implemented an RSA private key parser in the kernel: https://github.com/SUSE/hackweek/wiki/RSA-private-key-parser-in-kernel
Then, based on this parser, I implemented hibernate signature verification and sent it to the kernel upstream: https://lkml.org/lkml/2013/9/14/183 https://github.com/joeyli/linux-s4sign
After the discussion at LPC 2013, I got more ideas from upstream experts about using a symmetric key to implement the hibernate signature check function. It's easier than using PKI and does not need shim's help to generate a private key.
My plan is to use HMAC: generate a key in the EFI stub and use it to sign the hibernate image when S4 is launched.
Result: Patch to generate/verify the hibernate signature by HMAC: https://github.com/joeyli/linux-s4sign/commit/8e01cd36e45115dd400b8eab4ff666ea4cdaa854
This project is part of: Hack Week 11