26 Sep, 2013

1 commit

• b56e5a17b   KEYS: Separate the kernel signature checking keyring from module signing ... Browse Code »

  Separate the kernel signature checking keyring from module signing so that it
  can be used by code other than the module-signing code.

  Signed-off-by: David Howells

  David Howells

  2013-09-26 00:17:01 +0800  

20 Oct, 2012

1 commit

• caabe2405   MODSIGN: Move the magic string to the end of a module and eliminate the search ... Browse Code »

  Emit the magic string that indicates a module has a signature after the
  signature data instead of before it. This allows module_sig_check() to
  be made simpler and faster by the elimination of the search for the
  magic string. Instead we just need to do a single memcmp().

  This works because at the end of the signature data there is the
  fixed-length signature information block. This block then falls
  immediately prior to the magic number.

  From the contents of the information block, it is trivial to calculate
  the size of the signature data and thus the size of the actual module
  data.

  Signed-off-by: David Howells
  Signed-off-by: Linus Torvalds

  David Howells

  2012-10-20 08:30:40 +0800  

10 Oct, 2012

2 commits

• 631cc66eb   MODSIGN: Provide module signing public keys to the kernel ... Browse Code »

  Include a PGP keyring containing the public keys required to perform module
  verification in the kernel image during build and create a special keyring
  during boot which is then populated with keys of crypto type holding the public
  keys found in the PGP keyring.

  These can be seen by root:

  [root@andromeda ~]# cat /proc/keys
  07ad4ee0 I----- 1 perm 3f010000 0 0 crypto modsign.0: RSA 87b9b3bd []
  15c7f8c3 I----- 1 perm 1f030000 0 0 keyring .module_sign: 1/4
  ...

  It is probably worth permitting root to invalidate these keys, resulting in
  their removal and preventing further modules from being loaded with that key.

  Signed-off-by: David Howells
  Signed-off-by: Rusty Russell

  David Howells

  2012-10-10 17:31:22 +0800  
• 106a4ee25   module: signature checking hook ... Browse Code »

  We do a very simple search for a particular string appended to the module
  (which is cache-hot and about to be SHA'd anyway). There's both a config
  option and a boot parameter which control whether we accept or fail with
  unsigned modules and modules that are signed with an unknown key.

  If module signing is enabled, the kernel will be tainted if a module is
  loaded that is unsigned or has a signature for which we don't have the
  key.

  (Useful feedback and tweaks by David Howells )

  Signed-off-by: Rusty Russell
  Signed-off-by: David Howells
  Signed-off-by: Rusty Russell

  Rusty Russell

  2012-10-10 17:30:55 +0800