You are not logged in.

#1 2020-03-11 13:49:12

theBawbe
Member
Registered: 2020-03-11
Posts: 3

Why is hibernation disabled in linux-hardened?

From https://bugs.archlinux.org/task/63648 I can see that hibernation is disabled by choice in linux-hardened, and it seems that using suspend to RAM is recommend instead. What is the reason for this? If we assume a very high threat level from a sophisticated attacker i.e. a three letter agency, then there seems to be a very common scenario where hibernation would be preferred over suspend to RAM.

That is say, you are leaving your current location and intend to travel a short distance to walk across campus, to grab a cup of coffee, to meet a colleague for lunch, whatever. You suspend your laptop to RAM and throw it in your bag. You don't think twice about this since you still have physical possession of your machine. During your commute you are stopped by Mr. Three-letter-agency-official. In this scenario, unless you are able to physically access your machine and power if off before Mr. Agent has access, then you are likely only protected by a screen locking service. However, if you had hibernated you would have the full protection of fde, sed, bios passwords, secure boot, or whatever other physical and data-at-rest protections you have in place.

Or here is a less paranoid scenario. Instead of being stopped by Mr. Three-leter-agency-official, you have your bag containing your laptop stolen by Mr. Criminal. So same as above, now all Mr. Criminal has to compromise is a screen locker to have access to your sensitive data.

I can't really think of a situation where using suspend to RAM on a sensitive system would be secure, except for possibly in your own home. This severely limits the usefulness of a state-saving low power option. Assuming, you are using fde, including SWAP, which you should be, then what is the risk in enabling suspend to disk?

edit: I realize anthraxx says in his post, "having this enabled allows replacement of the running kernel given certain circumstances and access as it suspends the state to disc." But wouldn't this only be possible if the system was already compromised?

Last edited by theBawbe (2020-03-11 14:33:41)

Offline

#2 2020-03-11 14:43:20

Zod
Member
From: Hoosiertucky
Registered: 2019-03-10
Posts: 636

Re: Why is hibernation disabled in linux-hardened?

anthraxx also wrote:

if you absolutely need hibernation and can't live with suspend to ram, you will need to compile your own variant

So that's a no huh?

Offline

#3 2020-03-11 15:14:04

latalante1
Member
Registered: 2018-08-30
Posts: 111

Re: Why is hibernation disabled in linux-hardened?

Hibernate is not in line with the hardened kernel.
It is in conflict with lockdown.
CONFIG_SECURITY_LOCKDOWN_LSM=y
https://git.kernel.org/pub/scm/linux/ke … nate.c#n72

Offline

#4 2020-03-11 15:20:51

theBawbe
Member
Registered: 2020-03-11
Posts: 3

Re: Why is hibernation disabled in linux-hardened?

Zod wrote:
anthraxx also wrote:

if you absolutely need hibernation and can't live with suspend to ram, you will need to compile your own variant

So that's a no huh?

I'm not sure what this contributes to the conversation? I understand how to compile a custom kernel, that's not what I'm asking here. I'd like to understand more completely why the linux-hardened kernel does not allow suspend to disk. There doesn't seem to be any documentation about this on the wiki. If I feel like I can get a good understanding of this behavior, I intend to suggest some edits/additions here https://wiki.archlinux.org/index.php/Talk:Security

Offline

#5 2020-03-11 15:26:04

Zod
Member
From: Hoosiertucky
Registered: 2019-03-10
Posts: 636

Re: Why is hibernation disabled in linux-hardened?

It's an up stream decision, I checked and it's the same for ubuntu, gentoo and alpine.

Arch stays close to up stream, by default up stream disables hibernation. If you disagree with the decision you need to talk with the folks that release kernels.

Or, you can compile your own kernel.

Edit: Google "CONFIG_HIBERNATION is not set" for more information.

Last edited by Zod (2020-03-11 15:36:28)

Offline

#6 2020-03-11 15:47:22

seth
Member
Registered: 2012-09-03
Posts: 65,942

Re: Why is hibernation disabled in linux-hardened?

https://linuxlists.cc/l/1/linux-kernel/ … ost3239927

a sophisticated attacker i.e. a three letter agency

https://xkcd.com/538/  :-P

Offline

#7 2020-03-11 16:55:19

theBawbe
Member
Registered: 2020-03-11
Posts: 3

Re: Why is hibernation disabled in linux-hardened?

...until we can work with signed hibernate images...

Interesting. Thanks for the info. I wonder if there is anyone working on this?

Apparently Ubuntu devs wanted this behavior when secure boot was enabled in the vanilla kernel, but Linus refused the merge. http://lkml.iu.edu/hypermail/linux/kern … 01607.html
Gotta love his response:

Magically changing kernel behavior depending on some subtle and often
unintentional bootup behavior detail is completely idiotic.

I prefer a rubber hose... The margin for an appropriate application of force is a bit wider.

Offline

Board footer

Powered by FluxBB