| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <a8802164-60c0-441f-973a-5fda415caff7@t-8ch.de> Date: Mon, 24 Nov 2025 10:41:52 +0100 From: Thomas Weißschuh <linux@...ssschuh.net> To: Sebastian Andrzej Siewior <sebastian@...akpoint.cc> Cc: James Bottomley <James.Bottomley@...senpartnership.com>, Masahiro Yamada <masahiroy@...nel.org>, Nathan Chancellor <nathan@...nel.org>, Arnd Bergmann <arnd@...db.de>, Luis Chamberlain <mcgrof@...nel.org>, Petr Pavlu <petr.pavlu@...e.com>, Sami Tolvanen <samitolvanen@...gle.com>, Daniel Gomez <da.gomez@...sung.com>, Paul Moore <paul@...l-moore.com>, James Morris <jmorris@...ei.org>, "Serge E. Hallyn" <serge@...lyn.com>, Jonathan Corbet <corbet@....net>, Madhavan Srinivasan <maddy@...ux.ibm.com>, Michael Ellerman <mpe@...erman.id.au>, Nicholas Piggin <npiggin@...il.com>, Christophe Leroy <christophe.leroy@...roup.eu>, Naveen N Rao <naveen@...nel.org>, Mimi Zohar <zohar@...ux.ibm.com>, Roberto Sassu <roberto.sassu@...wei.com>, Dmitry Kasatkin <dmitry.kasatkin@...il.com>, Eric Snowberg <eric.snowberg@...cle.com>, Nicolas Schier <nicolas.schier@...ux.dev>, Fabian Grünbichler <f.gruenbichler@...xmox.com>, Arnout Engelen <arnout@...t.net>, Mattia Rizzolo <mattia@...reri.org>, kpcyrd <kpcyrd@...hlinux.org>, Christian Heusel <christian@...sel.eu>, Câju Mihai-Drosi <mcaju95@...il.com>, linux-kbuild@...r.kernel.org, linux-kernel@...r.kernel.org, linux-arch@...r.kernel.org, linux-modules@...r.kernel.org, linux-security-module@...r.kernel.org, linux-doc@...r.kernel.org, linuxppc-dev@...ts.ozlabs.org, linux-integrity@...r.kernel.org Subject: Re: [PATCH v3 0/9] module: Introduce hash-based integrity checking Hi Sebastian, On 2025-11-23 18:05:02+0100, Sebastian Andrzej Siewior wrote: > On 2025-11-19 16:48:34 [+0100], Sebastian Andrzej Siewior wrote: > > I fully agree with this approach. I don't like the big hash array but I > > have an idea how to optimize that part. So I don't see a problem in the > > long term. > > The following PoC creates a merkle tree from a set files ending with .ko > within the specified directory. It will write a .hash files containing > the required hash for each file for its validation. The root hash is > saved as "hash_root" and "hash_root.h" in the directory. Thanks a lot! > The Debian kernel shipps 4256 modules: > > | $ time ./compute_hashes mods_deb > | Files 4256 levels: 13 root hash: 97f8f439d63938ed74f48ec46dbd75c2b5e5b49f012a414e89b6f0e0f06efe84 > | > | real 0m0,732s > | user 0m0,304s > | sys 0m0,427s > > This computes the hashes for all the modules it found in the mods_deb > folder. > The kernel needs the root hash (for sha256 32 bytes) and the depth of > the tree (4 bytes). That are 36 bytes regardless of the number of > modules that are built. > In this case, the attached hash for each module is 420 bytes. This is 4 > bytes (position in the tree) + 13 (depth) * 32. > The verification process requires 13 hash operation to hash through the > tree and verify against the root hash. We'll need to store the proof together with the modules somewhere. Regular module signatures are stored as PKCS#7 and appended to the module file. If we can also encode the merkle proof as PKCS#7, the integration into the existing infrastructure should be much easier. It will require some changes to this series, but honestly the Merkle tree aproach looks like the clear winner here. > For convience, the following PoC can also be found at > https://git.kernel.org/pub/scm/linux/kernel/git/bigeasy/mtree-hashed-mods.git/ > > which also includes a small testsuite. (...) Thomas
Powered by blists - more mailing lists