lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CA+5PVA4C_KN=aUPewU+xHa4PSogskYMPugi-wBAZ=Ft446vDbg@mail.gmail.com>
Date:	Thu, 24 Oct 2013 20:08:33 -0400
From:	Josh Boyer <jwboyer@...oraproject.org>
To:	James Solner <solner@...atel-lucent.com>
Cc:	David Howells <dhowells@...hat.com>,
	Rusty Russell <rusty@...tcorp.com.au>,
	"Linux-Kernel@...r. Kernel. Org" <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] Adding Documentation/module-signing.txt file

On Thu, Oct 24, 2013 at 6:35 PM, James Solner <solner@...atel-lucent.com> wrote:
> This patch adds the Documentation/module-signing.txt file that is
> missing. There is a link to Documentation/module-signing.txt file
> in init/Kconfig that references this file.
>
> Signed-off-by: James Solner <solner@...atel-lucent.com>

Nak.  Please see below.

> ---
>  Documentation/module-signing.txt | 182 +++++++++++++++++++++++++++++++++++++++
>  1 file changed, 182 insertions(+)
>  create mode 100644 Documentation/module-signing.txt
>
> diff --git a/Documentation/module-signing.txt b/Documentation/module-signing.txt
> new file mode 100644
> index 0000000..b21e1f1
> --- /dev/null
> +++ b/Documentation/module-signing.txt
> @@ -0,0 +1,182 @@
> +                       ==============================
> +                       KERNEL MODULE SIGNING FACILITY
> +                       ==============================
> +
> +The module signing facility applies cryptographic signature checking to modules
> +on module load, checking the signature against a ring of public keys compiled
> +into the kernel.  GPG is used to do the cryptographic work and determines the
> +format of the signature and key data.  The facility uses GPG&#39;s MPI library to
> +handle the huge numbers involved.
> +
> +The signature checker in the kernel is capable of handling multiple keys of
> +either DSA or RSA type, and can support any of MD5, RIPE-MD-160, SHA-1,
> +SHA-224, SHA-256, SHA-384 and SHA-512 hashes - PROVIDED(!) the requisite
> +algorithms are compiled into the kernel.
> +
> +(!) NOTE: Modules may only be verified initially with algorithms compiled into
> +the kernel.  Further algorithm modules may be loaded and used - but these must
> +first pass a verification step using already loaded/compiled-in algorithms.
> +
> +
> +=====================
> +SUPPLYING PUBLIC KEYS
> +=====================
> +
> +A set of public keys must be supplied at kernel image build time.  This is done
> +by taking a GPG public key file and placing it in the base of the kernel
> +directory in a file called modsign.pub.
> +
> +For example, a throwaway key could be generated automatically by something like
> +the following:
> +
> +       cat &gt;genkey &lt;&lt;EOF
> +       %pubring modsign.pub
> +       %secring modsign.sec
> +       Key-Type: RSA
> +       Key-Length: 4096
> +       Name-Real: A. N. Other
> +       Name-Comment: Kernel Module GPG key
> +       %commit
> +       EOF
> +       gpg --homedir . --batch --gen-key genkey
> +
> +The above generates fresh keys using /dev/random.  If there&#39;s insufficient data
> +in /dev/random, more can be provided using the rngd program if there&#39;s a
> +hardware random number generator available.
> +
> +Note that no GPG password is used in the above scriptlet.

This is inaccurate and doesn't match how module signing is done today.
 The document you have here is a weird mix of the old RHEL style GPG
signing and the current appended-signature x509 certificate signing.

It needs to be updated to match the fact that x509 keys and signatures
are used now.

josh
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ