| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <50F46C36.3060403@csamuel.org>
Date: Tue, 15 Jan 2013 07:36:06 +1100
From: Chris Samuel <chris@...muel.org>
To: linux-kernel@...r.kernel.org
CC: Rusty Russell <rusty@...tcorp.com.au>, dhowells@...hat.com,
Michal Marek <mmarek@...e.cz>
Subject: [RFC] [PATCH] Disable INSTALL_MOD_STRIP when CONFIG_MODULE_SIG set
/* Please CC as I am not on LKML */
Allowing the build system to strip modules when CONFIG_MODULE_SIG is
set makes no sense as the modules will fail signature checks and at
best taint the kernel (and appear as if force loaded), and at worst
cause a kernel panic if fips_enabled is set.
So we set mod_strip_cmd to be true to prevent it stripping kernel
modules, just as happens if INSTALL_MOD_STRIP is not passed.
---
Documentation/kbuild/kbuild.txt | 3 +++
Documentation/kbuild/makefiles.txt | 5 +++++
Makefile | 3 +++
init/Kconfig | 2 ++
4 files changed, 13 insertions(+)
diff --git a/Documentation/kbuild/kbuild.txt
b/Documentation/kbuild/kbuild.txt
index 6466704..8f2fa5c 100644
--- a/Documentation/kbuild/kbuild.txt
+++ b/Documentation/kbuild/kbuild.txt
@@ -152,6 +152,9 @@ stripped after they are installed. If
INSTALL_MOD_STRIP is '1', then
the default option --strip-debug will be used. Otherwise,
INSTALL_MOD_STRIP value will be used as the options to the strip command.
+A kernel configured with cryptographically signed modules
(CONFIG_MODULE_SIG)
+will disable this to try and prevent the loss of the appended signatures.
+
INSTALL_FW_PATH
--------------------------------------------------
INSTALL_FW_PATH specifies where to install the firmware blobs.
diff --git a/Documentation/kbuild/makefiles.txt
b/Documentation/kbuild/makefiles.txt
index 14c3f4f..5b6dad8 100644
--- a/Documentation/kbuild/makefiles.txt
+++ b/Documentation/kbuild/makefiles.txt
@@ -1396,6 +1396,11 @@ The top Makefile exports the following variables:
INSTALL_MOD_STRIP value will be used as the option(s) to the strip
command.
+ A kernel configured with cryptographically signed modules
+ (CONFIG_MODULE_SIG) will disable this to try and prevent the loss
+ of the appended signatures.
+
+
=== 9 Makefile language
diff --git a/Makefile b/Makefile
index a1667c4..b59a39e 100644
--- a/Makefile
+++ b/Makefile
@@ -724,6 +724,9 @@ MODSECKEY = ./signing_key.priv
MODPUBKEY = ./signing_key.x509
export MODPUBKEY
mod_sign_cmd = perl $(srctree)/scripts/sign-file $(MODSECKEY) $(MODPUBKEY)
+# Don't strip modules as it removes the signatures we will add.
+mod_strip_cmd = true
+export mod_strip_cmd
else
mod_sign_cmd = true
endif
diff --git a/init/Kconfig b/init/Kconfig
index 7d30240..1048f93 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -1658,6 +1658,8 @@ config MODULE_SIG
debuginfo strip done by some packagers (such as rpmbuild) and
inclusion into an initramfs that wants the module size reduced.
+ This option disables the INSTALL_MOD_STRIP option for make.
+
config MODULE_SIG_FORCE
bool "Require modules to be validly signed"
depends on MODULE_SIG
--
1.7.10.4
View attachment "Attached Message Part" of type "text/plain" (0 bytes)
Powered by blists - more mailing lists