lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <ZVZS4hw5dGB4aPz3@bombadil.infradead.org>
Date:   Thu, 16 Nov 2023 09:35:30 -0800
From:   Luis Chamberlain <mcgrof@...nel.org>
To:     "Alessandro Carminati (Red Hat)" <alessandro.carminati@...il.com>
Cc:     linux-modules@...r.kernel.org, linux-kernel@...r.kernel.org,
        Jonathan Corbet <corbet@....net>, linux-doc@...r.kernel.org
Subject: Re: [RFC PATCH 1/2] Modules: Introduce boot-time module signature
 flexibility

On Thu, Sep 14, 2023 at 11:27:38AM +0000, Alessandro Carminati (Red Hat) wrote:
> This commit introduces a novel boot argument parameter that provides an
> advanced level of control over the verification of module signatures
> during the initial stages of booting. With this enhancement, we gain the
> capability to postpone the verification of module signatures to after
> intrd stage is finished.
> 
> Given that bootloader-provided artifacts are commonly employed
> post-verification,

Is such a thing expressed with a kernel config? If so then shouldn't
this be default for those uses cases?

> Signed-off-by: Alessandro Carminati (Red Hat) <alessandro.carminati@...il.com>
> ---
>  include/linux/module.h  |  4 +++
>  kernel/module/main.c    | 14 ++++++-----
>  kernel/module/signing.c | 56 +++++++++++++++++++++++++++++++++++++++++
>  3 files changed, 68 insertions(+), 6 deletions(-)
> 
> diff --git a/include/linux/module.h b/include/linux/module.h
> index a98e188cf37b..9899aeac43b0 100644
> --- a/include/linux/module.h
> +++ b/include/linux/module.h
> @@ -34,6 +34,10 @@
>  
>  #define MODULE_NAME_LEN MAX_PARAM_PREFIX_LEN
>  
> +#ifdef CONFIG_MODULE_SIG
> +extern int module_sig_check_wait;
> +#endif

Please add under is_module_sig_enforced. That's one new line Vs 3 new ones.

I see the code which skips module signature verification and the knobs
but I don't see the code which complete the promise to do the actual
signature verification post initrd / initramfs state. What gives?

  Luis

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ