lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 05 Nov 2013 19:31:58 -0800
From:	Randy Dunlap <rdunlap@...radead.org>
To:	Rob Landley <rob@...dley.net>,
	Josh Boyer <jwboyer@...oraproject.org>
CC:	James Solner <solner@...atel-lucent.com>,
	David Howells <dhowells@...hat.com>,
	Rusty Russell <rusty@...tcorp.com.au>,
	"Linux-Kernel@...r. Kernel. Org" <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] Adding Documentation/module-signing.txt file

On 11/05/13 14:54, Rob Landley wrote:
> On 10/24/2013 07:08:33 PM, Josh Boyer wrote:
>> On Thu, Oct 24, 2013 at 6:35 PM, James Solner <solner@...atel-lucent.com> wrote:
>> > This patch adds the Documentation/module-signing.txt file that is
>> > missing. There is a link to Documentation/module-signing.txt file
>> > in init/Kconfig that references this file.
>> >
>> > Signed-off-by: James Solner <solner@...atel-lucent.com>
>>
>> Nak.  Please see below.
>>
>> > ---
>> >  Documentation/module-signing.txt | 182 +++++++++++++++++++++++++++++++++++++++
>> >  1 file changed, 182 insertions(+)
>> >  create mode 100644 Documentation/module-signing.txt
>> >
>> > diff --git a/Documentation/module-signing.txt b/Documentation/module-signing.txt
>> > new file mode 100644
>> > index 0000000..b21e1f1
>> > --- /dev/null
>> > +++ b/Documentation/module-signing.txt
>> > @@ -0,0 +1,182 @@
>> > +                       ==============================
>> > +                       KERNEL MODULE SIGNING FACILITY
>> > +                       ==============================
>> > +
>> > +The module signing facility applies cryptographic signature checking to modules
>> > +on module load, checking the signature against a ring of public keys compiled
>> > +into the kernel.  GPG is used to do the cryptographic work and determines the
>> > +format of the signature and key data.  The facility uses GPG&#39;s MPI library to
>> > +handle the huge numbers involved.
>> > +
>> > +The signature checker in the kernel is capable of handling multiple keys of
>> > +either DSA or RSA type, and can support any of MD5, RIPE-MD-160, SHA-1,
>> > +SHA-224, SHA-256, SHA-384 and SHA-512 hashes - PROVIDED(!) the requisite
>> > +algorithms are compiled into the kernel.
>> > +
>> > +(!) NOTE: Modules may only be verified initially with algorithms compiled into
>> > +the kernel.  Further algorithm modules may be loaded and used - but these must
>> > +first pass a verification step using already loaded/compiled-in algorithms.
>> > +
>> > +
>> > +=====================
>> > +SUPPLYING PUBLIC KEYS
>> > +=====================
>> > +
>> > +A set of public keys must be supplied at kernel image build time.  This is done
>> > +by taking a GPG public key file and placing it in the base of the kernel
>> > +directory in a file called modsign.pub.
>> > +
>> > +For example, a throwaway key could be generated automatically by something like
>> > +the following:
>> > +
>> > +       cat &gt;genkey &lt;&lt;EOF
>> > +       %pubring modsign.pub
>> > +       %secring modsign.sec
>> > +       Key-Type: RSA
>> > +       Key-Length: 4096
>> > +       Name-Real: A. N. Other
>> > +       Name-Comment: Kernel Module GPG key
>> > +       %commit
>> > +       EOF
>> > +       gpg --homedir . --batch --gen-key genkey
>> > +
>> > +The above generates fresh keys using /dev/random.  If there&#39;s insufficient data
>> > +in /dev/random, more can be provided using the rngd program if there&#39;s a
>> > +hardware random number generator available.
>> > +
>> > +Note that no GPG password is used in the above scriptlet.
>>
>> This is inaccurate and doesn't match how module signing is done today.
>>  The document you have here is a weird mix of the old RHEL style GPG
>> signing and the current appended-signature x509 certificate signing.
>>
>> It needs to be updated to match the fact that x509 keys and signatures
>> are used now.
>>
>> josh
> 
> What's the current status of this? I'm collating my Documentation patch stack to submit upstream, and this is the most recent message on this one?
> 
> (Googling for Documentation/module-signing.txt brings up dhowells tree on googlesource.com, so presumably something could be fished out of that, but maybe it's going upstream via Rusty's tree, or...?)
> 
> *shrug* Just trying to keep tabs...

There was a new version posted earlier today:
http://marc.info/?l=linux-kernel&m=138369435917393&w=2


It still needs to be cleaned up IMO.


-- 
~Randy
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ