lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <Z37NGzxnUznefi8x@bombadil.infradead.org>
Date: Wed, 8 Jan 2025 11:08:11 -0800
From: Luis Chamberlain <mcgrof@...nel.org>
To: Thomas Weißschuh <linux@...ssschuh.net>
Cc: Masahiro Yamada <masahiroy@...nel.org>,
	Nathan Chancellor <nathan@...nel.org>,
	Nicolas Schier <nicolas@...sle.eu>, Arnd Bergmann <arnd@...db.de>,
	Petr Pavlu <petr.pavlu@...e.com>,
	Sami Tolvanen <samitolvanen@...gle.com>,
	Daniel Gomez <da.gomez@...sung.com>, linux-kbuild@...r.kernel.org,
	linux-kernel@...r.kernel.org, linux-arch@...r.kernel.org,
	linux-modules@...r.kernel.org
Subject: Re: [PATCH RFC 2/2] module: Introduce hash-based integrity checking

On Sat, Jan 04, 2025 at 07:30:39AM +0100, Thomas Weißschuh wrote:
> Hi Luis,
> 
> On 2025-01-03 17:37:52-0800, Luis Chamberlain wrote:
> > On Wed, Dec 25, 2024 at 11:52:00PM +0100, Thomas Weißschuh wrote:
> > > diff --git a/kernel/module/Kconfig b/kernel/module/Kconfig
> > > index 7b329057997ad2ec310133ca84617d9bfcdb7e9f..57d317a6fa444195d0806e6bd7a2af6e338a7f01 100644
> > > --- a/kernel/module/Kconfig
> > > +++ b/kernel/module/Kconfig
> > > @@ -344,6 +344,17 @@ config MODULE_DECOMPRESS
> > >  
> > >  	  If unsure, say N.
> > >  
> > > +config MODULE_HASHES
> > > +	bool "Module hash validation"
> > > +	depends on !MODULE_SIG
> > 
> > Why are these mutually exclusive? Can't you want module signatures *and*
> > this as well? What distro which is using module signatures would switch
> > to this as an alternative instead? The help menu does not clarify any of
> > this at all, and neither does the patch.
> 
> The exclusivity is to keep the initial RFC patch small.
> The cover letter lists "Enable coexistence with MODULE_SIG" as
> a further improvement.

Looking forward to that.

> In general this MODULE_HASHES would be used by distros which are
> currently using the build-time generated signing key with
> CONFIG_MODULE_SIG_KEY=certs/signing_key.pem.

The Kconfig needs to describe this, otherwise no one would sensibly
enable this.

> More concretely the Arch Linux team has expressed interest.

Interest sure, but will it be used? If not there is no point to this.
What do the other distro have to think about this?

  Luis

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ