lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <1383692092.1974.249@driftwood>
Date:	Tue, 05 Nov 2013 16:54:52 -0600
From:	Rob Landley <rob@...dley.net>
To:	Josh Boyer <jwboyer@...oraproject.org>
Cc:	James Solner <solner@...atel-lucent.com>,
	David Howells <dhowells@...hat.com>,
	Rusty Russell <rusty@...tcorp.com.au>,
	"Linux-Kernel@...r. Kernel. Org" <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] Adding Documentation/module-signing.txt file

On 10/24/2013 07:08:33 PM, Josh Boyer wrote:
> On Thu, Oct 24, 2013 at 6:35 PM, James Solner  
> <solner@...atel-lucent.com> wrote:
> > This patch adds the Documentation/module-signing.txt file that is
> > missing. There is a link to Documentation/module-signing.txt file
> > in init/Kconfig that references this file.
> >
> > Signed-off-by: James Solner <solner@...atel-lucent.com>
> 
> Nak.  Please see below.
> 
> > ---
> >  Documentation/module-signing.txt | 182  
> +++++++++++++++++++++++++++++++++++++++
> >  1 file changed, 182 insertions(+)
> >  create mode 100644 Documentation/module-signing.txt
> >
> > diff --git a/Documentation/module-signing.txt  
> b/Documentation/module-signing.txt
> > new file mode 100644
> > index 0000000..b21e1f1
> > --- /dev/null
> > +++ b/Documentation/module-signing.txt
> > @@ -0,0 +1,182 @@
> > +                       ==============================
> > +                       KERNEL MODULE SIGNING FACILITY
> > +                       ==============================
> > +
> > +The module signing facility applies cryptographic signature  
> checking to modules
> > +on module load, checking the signature against a ring of public  
> keys compiled
> > +into the kernel.  GPG is used to do the cryptographic work and  
> determines the
> > +format of the signature and key data.  The facility uses GPG&#39;s  
> MPI library to
> > +handle the huge numbers involved.
> > +
> > +The signature checker in the kernel is capable of handling  
> multiple keys of
> > +either DSA or RSA type, and can support any of MD5, RIPE-MD-160,  
> SHA-1,
> > +SHA-224, SHA-256, SHA-384 and SHA-512 hashes - PROVIDED(!) the  
> requisite
> > +algorithms are compiled into the kernel.
> > +
> > +(!) NOTE: Modules may only be verified initially with algorithms  
> compiled into
> > +the kernel.  Further algorithm modules may be loaded and used -  
> but these must
> > +first pass a verification step using already loaded/compiled-in  
> algorithms.
> > +
> > +
> > +=====================
> > +SUPPLYING PUBLIC KEYS
> > +=====================
> > +
> > +A set of public keys must be supplied at kernel image build time.   
> This is done
> > +by taking a GPG public key file and placing it in the base of the  
> kernel
> > +directory in a file called modsign.pub.
> > +
> > +For example, a throwaway key could be generated automatically by  
> something like
> > +the following:
> > +
> > +       cat &gt;genkey &lt;&lt;EOF
> > +       %pubring modsign.pub
> > +       %secring modsign.sec
> > +       Key-Type: RSA
> > +       Key-Length: 4096
> > +       Name-Real: A. N. Other
> > +       Name-Comment: Kernel Module GPG key
> > +       %commit
> > +       EOF
> > +       gpg --homedir . --batch --gen-key genkey
> > +
> > +The above generates fresh keys using /dev/random.  If there&#39;s  
> insufficient data
> > +in /dev/random, more can be provided using the rngd program if  
> there&#39;s a
> > +hardware random number generator available.
> > +
> > +Note that no GPG password is used in the above scriptlet.
> 
> This is inaccurate and doesn't match how module signing is done today.
>  The document you have here is a weird mix of the old RHEL style GPG
> signing and the current appended-signature x509 certificate signing.
> 
> It needs to be updated to match the fact that x509 keys and signatures
> are used now.
> 
> josh

What's the current status of this? I'm collating my Documentation patch  
stack to submit upstream, and this is the most recent message on this  
one?

(Googling for Documentation/module-signing.txt brings up dhowells tree  
on googlesource.com, so presumably something could be fished out of  
that, but maybe it's going upstream via Rusty's tree, or...?)

*shrug* Just trying to keep tabs...

Rob--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ