Re: Fw: signed kernel modules?

From: David Howells
Date: Wed Oct 13 2004 - 16:23:31 EST



> Write the code. Then come back and tell me it "isn't that hard".

It isn't that hard.

> Let me make this clear: I refuse to include any solution which doesn't
> protect against accidental, as well as deliberate, corruption. This
> means your "canonicalization" code has to be very, very paranoid about
> not trusting the data until the signature is verified. The current code
> does very simple checks then completely trusts the module contents,
> especially the section headers: to make signatures worth anything, your
> code must not do this.

I've made a patch available to permit module signing in the kernel.

http://people.redhat.com/~dhowells/modsign/modsign-269rc4mm1.diff.bz2

I've also put up some example keys:

http://people.redhat.com/~dhowells/modsign/kernel.pub
http://people.redhat.com/~dhowells/modsign/kernel.sec
http://people.redhat.com/~dhowells/modsign/key.h

The first two need to go into your kernel root dir; the third needs to go into
crypto/signature/.

key.h can be generated by something like:

	gpg --homedir /tmp --export --keyring ./kernel.pub Red |
	scripts/bin2c ksign_def_public_key __initdata >crypto/signature/key.h

You'll need to build the module extractor manually:

	make -C scripts/modsign mod-extract

And sign modules manually:

	scripts/modsign/modsign.sh net/rxrpc/rxrpc.ko

I'd like to automate this in the kernel build process, but it's not
immediately obvious how to do this with the kernel's current Makefile
stuff.

There's also the problem of how to get the keys in the first place. In the
Fedora RPMs the spec file generates a single new key pair for every build and
discards it later after generating key.h, but that may not be appropriate in
all cases (you can have multiple keys, and you may want to get them from a GPG
keyring somewhere).

David
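
The requirement quoted at the top of this message, that section headers must not be trusted before the signature is verified, can be illustrated with a bounds check over the section header table. This is an added example, not code from the modsign patch or from the kernel; it assumes a 64-bit little-endian ELF image, and `sections_sane`, `make_sample` and the 208-byte sample image are hypothetical names and constructed data.

```c
#include <stdint.h>
#include <string.h>

#define SHDR_SIZE  64u  /* sizeof(Elf64_Shdr); the ELF64 file header is 64 bytes too */
#define SEC_NOBITS 8u   /* SHT_NOBITS: .bss-style section with no bytes in the file */

/* Read an n-byte little-endian integer from untrusted bytes. */
static uint64_t le(const unsigned char *p, int n)
{
    uint64_t v = 0;
    while (n--)
        v = (v << 8) | p[n];
    return v;
}

/* Return 0 if every section header describes bytes inside img[0..len), else -1. */
int sections_sane(const unsigned char *img, size_t len)
{
    if (len < 64 || memcmp(img, "\177ELF", 4) != 0 || img[4] != 2 || img[5] != 1)
        return -1;                      /* accept ELFCLASS64 + ELFDATA2LSB only */
    uint64_t shoff = le(img + 0x28, 8), shentsize = le(img + 0x3A, 2);
    uint64_t shnum = le(img + 0x3C, 2), shstrndx = le(img + 0x3E, 2);
    if (shentsize != SHDR_SIZE || shnum == 0 || shstrndx >= shnum)
        return -1;
    /* Table must fit; subtract and divide so an oversized field cannot wrap. */
    if (shoff > len || (len - shoff) / SHDR_SIZE < shnum)
        return -1;
    for (uint64_t i = 0; i < shnum; i++) {
        const unsigned char *sh = img + shoff + i * SHDR_SIZE;
        uint64_t off = le(sh + 0x18, 8), size = le(sh + 0x20, 8);
        if (le(sh + 4, 4) != SEC_NOBITS && (off > len || size > len - off))
            return -1;                  /* sh_offset/sh_size point outside the file */
    }
    return 0;
}

/* Constructed sample: file header, 16 data bytes at 64, two section headers at 80. */
size_t make_sample(unsigned char *buf, uint64_t sec_size)
{
    unsigned char *sh1 = buf + 80 + SHDR_SIZE;  /* section 1; section 0 stays null */
    memset(buf, 0, 208);
    memcpy(buf, "\177ELF\2\1\1", 7);
    buf[0x28] = 80; buf[0x3A] = 64; buf[0x3C] = 2; buf[0x3E] = 1;
    sh1[4] = 3; sh1[0x18] = 64;         /* SHT_STRTAB at file offset 64 */
    for (int i = 0; i < 8; i++)         /* sh_size as claimed by the caller */
        sh1[0x20 + i] = (unsigned char)(sec_size >> (8 * i));
    return 208;
}
```

A check of this kind runs over the whole image before any section is read or hashed, so a corrupted header is rejected instead of being followed to an out-of-range offset.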