26 Sep, 2013

1 commit


20 Oct, 2012

1 commit

  • Emit the magic string that indicates a module has a signature after the
    signature data instead of before it. This allows module_sig_check() to
    be made simpler and faster by the elimination of the search for the
    magic string. Instead we just need to do a single memcmp().

    This works because at the end of the signature data there is the
    fixed-length signature information block. This block then falls
    immediately prior to the magic number.

    From the contents of the information block, it is trivial to calculate
    the size of the signature data and thus the size of the actual module
    data.

    Signed-off-by: David Howells
    Signed-off-by: Linus Torvalds

    David Howells
     

10 Oct, 2012

2 commits

  • Include a PGP keyring containing the public keys required to perform module
    verification in the kernel image during build and create a special keyring
    during boot which is then populated with keys of crypto type holding the public
    keys found in the PGP keyring.

    These can be seen by root:

    [root@andromeda ~]# cat /proc/keys
    07ad4ee0 I----- 1 perm 3f010000 0 0 crypto modsign.0: RSA 87b9b3bd []
    15c7f8c3 I----- 1 perm 1f030000 0 0 keyring .module_sign: 1/4
    ...

    It is probably worth permitting root to invalidate these keys, resulting in
    their removal and preventing further modules from being loaded with that key.

    Signed-off-by: David Howells
    Signed-off-by: Rusty Russell

    David Howells
     
  • We do a very simple search for a particular string appended to the module
    (which is cache-hot and about to be SHA'd anyway). There's both a config
    option and a boot parameter which control whether we accept or fail with
    unsigned modules and modules that are signed with an unknown key.

    If module signing is enabled, the kernel will be tainted if a module is
    loaded that is unsigned or has a signature for which we don't have the
    key.

    (Useful feedback and tweaks by David Howells )

    Signed-off-by: Rusty Russell
    Signed-off-by: David Howells
    Signed-off-by: Rusty Russell

    Rusty Russell