| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 24 Oct 2013 20:08:33 -0400 From: Josh Boyer <jwboyer@...oraproject.org> To: James Solner <solner@...atel-lucent.com> Cc: David Howells <dhowells@...hat.com>, Rusty Russell <rusty@...tcorp.com.au>, "Linux-Kernel@...r. Kernel. Org" <linux-kernel@...r.kernel.org> Subject: Re: [PATCH] Adding Documentation/module-signing.txt file On Thu, Oct 24, 2013 at 6:35 PM, James Solner <solner@...atel-lucent.com> wrote: > This patch adds the Documentation/module-signing.txt file that is > missing. There is a link to Documentation/module-signing.txt file > in init/Kconfig that references this file. > > Signed-off-by: James Solner <solner@...atel-lucent.com> Nak. Please see below. > --- > Documentation/module-signing.txt | 182 +++++++++++++++++++++++++++++++++++++++ > 1 file changed, 182 insertions(+) > create mode 100644 Documentation/module-signing.txt > > diff --git a/Documentation/module-signing.txt b/Documentation/module-signing.txt > new file mode 100644 > index 0000000..b21e1f1 > --- /dev/null > +++ b/Documentation/module-signing.txt > @@ -0,0 +1,182 @@ > + ============================== > + KERNEL MODULE SIGNING FACILITY > + ============================== > + > +The module signing facility applies cryptographic signature checking to modules > +on module load, checking the signature against a ring of public keys compiled > +into the kernel. GPG is used to do the cryptographic work and determines the > +format of the signature and key data. The facility uses GPG's MPI library to > +handle the huge numbers involved. > + > +The signature checker in the kernel is capable of handling multiple keys of > +either DSA or RSA type, and can support any of MD5, RIPE-MD-160, SHA-1, > +SHA-224, SHA-256, SHA-384 and SHA-512 hashes - PROVIDED(!) the requisite > +algorithms are compiled into the kernel. > + > +(!) NOTE: Modules may only be verified initially with algorithms compiled into > +the kernel. Further algorithm modules may be loaded and used - but these must > +first pass a verification step using already loaded/compiled-in algorithms. > + > + > +===================== > +SUPPLYING PUBLIC KEYS > +===================== > + > +A set of public keys must be supplied at kernel image build time. This is done > +by taking a GPG public key file and placing it in the base of the kernel > +directory in a file called modsign.pub. > + > +For example, a throwaway key could be generated automatically by something like > +the following: > + > + cat >genkey <<EOF > + %pubring modsign.pub > + %secring modsign.sec > + Key-Type: RSA > + Key-Length: 4096 > + Name-Real: A. N. Other > + Name-Comment: Kernel Module GPG key > + %commit > + EOF > + gpg --homedir . --batch --gen-key genkey > + > +The above generates fresh keys using /dev/random. If there's insufficient data > +in /dev/random, more can be provided using the rngd program if there's a > +hardware random number generator available. > + > +Note that no GPG password is used in the above scriptlet. This is inaccurate and doesn't match how module signing is done today. The document you have here is a weird mix of the old RHEL style GPG signing and the current appended-signature x509 certificate signing. It needs to be updated to match the fact that x509 keys and signatures are used now. josh -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists