[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <1378849471-10521-1-git-send-email-vgoyal@redhat.com>
Date: Tue, 10 Sep 2013 17:44:15 -0400
From: Vivek Goyal <vgoyal@...hat.com>
To: linux-kernel@...r.kernel.org,
linux-security-module@...r.kernel.org, kexec@...ts.infradead.org
Cc: akpm@...ux-foundation.org, zohar@...ux.vnet.ibm.com,
d.kasatkin@...sung.com, ebiederm@...ssion.com, hpa@...or.com,
matthew.garrett@...ula.com, vgoyal@...hat.com
Subject: [PATCH 00/16] [RFC PATCH] Signed kexec support
Hi,
Matthew has been posting patches to lock down kernel either due to
secureboot requirements or because of signed modules with signing
enforced. In kernel lock down mode, kexec will be disabled and that
means kdump will not work either.
These patches sign /sbin/kexec and kernel verifies the signature
and allows loading a kernel if signature verification is successful.
IOW, trust is extended to validly signed user space.
Currently it works only for statically linked applications.
I have generated these patches on top of keys-devel branch of david howell's
linux-fs tree (as I required his system_kerying and trusted keyring patches
to build upon).
git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git keys-devel
These patches assume that matthew's patches to lockdown kernel will go
in some form (secure modules or secure levels or something else). Right
now I have hardcoded few things and will remove those once matthew's
patches are in.
Some more details about design I have written here.
http://people.redhat.com/vgoyal/kdump-secureboot/kdump-secureboot-summary.txt
Any comments/feedback is appreciated.
Thanks
Vivek
Vivek Goyal (16):
mm: vm_brk(), align the length to page boundary
integrity: Add a function to determine digital signature length
ima: Allow adding more memory locking metadata after digital signature
v2
integrity: Allow digital signature verification with a given keyring
ptr
integrity: Export a function to retrieve hash algo used in digital
signature
ima: export new IMA functions for signature verification
mm: Define a task flag MMF_VM_LOCKED for memlocked tasks and don't
allow munlock
binfmt_elf: Elf executable signature verification
ima: define functions to appraise memory buffer contents
keyctl: Introduce a new operation KEYCTL_VERIFY_SIGNATURE
ptrace: Do not allow ptrace() from unsigned process to signed one
binfmt_elf: Do not mark process signed if binary has elf interpreter
kexec: Allow only signed processes to call sys_kexec() in secureboot
mode
kexec: Export sysfs attributes for secureboot and secure modules to
user space
bootparam: Pass acpi_rsdp pointer in bootparam
mount: Add a flag to not follow symlink at the end of mount point
arch/x86/include/uapi/asm/bootparam.h | 3 +-
arch/x86/kernel/acpi/boot.c | 5 +
drivers/acpi/osl.c | 10 ++
fs/Kconfig.binfmt | 10 ++
fs/binfmt_elf.c | 116 ++++++++++++++++++++-
fs/namespace.c | 6 +-
include/linux/acpi.h | 1 +
include/linux/cred.h | 2 +
include/linux/ima.h | 27 +++++
include/linux/integrity.h | 25 ++++-
include/linux/sched.h | 2 +
include/uapi/linux/fs.h | 1 +
include/uapi/linux/keyctl.h | 16 +++
kernel/cred.c | 2 +
kernel/kexec.c | 29 ++++++
kernel/ksysfs.c | 25 +++++
mm/mlock.c | 6 ++
mm/mmap.c | 8 +-
security/commoncap.c | 11 ++
security/integrity/digsig.c | 180 +++++++++++++++++++++++++++++++--
security/integrity/digsig_asymmetric.c | 11 --
security/integrity/ima/ima_api.c | 51 ++++++++++
security/integrity/ima/ima_appraise.c | 132 +++++++++++++++++++++++-
security/integrity/integrity.h | 36 +++++--
security/keys/compat.c | 28 +++++
security/keys/internal.h | 2 +
security/keys/keyctl.c | 79 +++++++++++++++
27 files changed, 788 insertions(+), 36 deletions(-)
--
1.8.3.1
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists