lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Wed, 31 Aug 2022 16:29:57 +0800
From:   joeyli <jlee@...e.com>
To:     Jarkko Sakkinen <jarkko@...nel.org>
Cc:     "Lee, Chun-Yi" <joeyli.kernel@...il.com>,
        David Howells <dhowells@...hat.com>,
        Herbert Xu <herbert@...dor.apana.org.au>,
        "David S . Miller" <davem@...emloft.net>,
        Ben Boeckel <me@...boeckel.net>,
        Randy Dunlap <rdunlap@...radead.org>,
        Malte Gell <malte.gell@....de>,
        Varad Gautam <varad.gautam@...e.com>,
        Mimi Zohar <zohar@...ux.ibm.com>, keyrings@...r.kernel.org,
        linux-crypto@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v9 0/4] Check codeSigning extended key usage extension

Hi Jarkko,

On Sun, Aug 28, 2022 at 06:30:23AM +0300, Jarkko Sakkinen wrote:
> On Thu, Aug 25, 2022 at 10:23:10PM +0800, Lee, Chun-Yi wrote:
> > NIAP PP_OS certification requests that OS need to validate the
> > CodeSigning extended key usage extension field for integrity
> > verifiction of exectable code:
> > 
> >     https://www.niap-ccevs.org/MMO/PP/-442-/
> >         FIA_X509_EXT.1.1
> > 
> > This patchset adds the logic for parsing the codeSigning EKU extension
> > field in X.509. And checking the CodeSigning EKU when verifying
> > signature of kernel module or kexec PE binary in PKCS#7.
> 
> Might be cutting hairs here but you don't really explain
> why we want to support it. It's not a counter argument
> to add the feature. It's a counter argument against adding
> undocumented features.
>

In some cases, a organization may publish different certificates for
difference purposes. When a certificate for a specific purpose is
leaked, it will not affect other certificates.

The function for using a code signing certificate to verify kernel
binary or module can restrict the purpose of the certificate to avoid
attacker uses other leaked non-codeSigning certificate for signing.

Thanks a lot!
Joey Lee

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ