Re: [GIT PULL] MODSIGN: Use PKCS#7 for module signatures

From: David Woodhouse
Date: Tue Jul 28 2015 - 05:12:35 EST

Next message: Matt Fleming: "Re: [PATCH 1/5] iTCO_wdt: Expose watchdog properties using platform data"
Previous message: Martin Kepplinger: "Re: [PATCH 8/8] iio: mma8452: add devicetree property to allow all pin wirings"
In reply to: David Howells: "Re: [GIT PULL] MODSIGN: Use PKCS#7 for module signatures"
Next in thread: David Howells: "Re: [GIT PULL] MODSIGN: Use PKCS#7 for module signatures"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 2015-07-27 at 23:43 +0100, David Howells wrote:
>
> PKCS#7: Require authenticated attributes
>
> Require there to be authenticated attributes in the PKCS#7/CMS message so
> that an attacker can't drop them to provide greater opportunity for
> manipulating the message.

There doesn't seem to be a lot of point in this part. If the
authenticated attribute isn't being *checked*, then the attacker
doesn't need to drop it at all. There's no point in merely requiring
its *existence*.

As part of the firmware signatures, if we are asked to check the
filename then yes we should require it to be present *and* match. But
if we aren't checking (which we can't for modules since we don't know
what's being loaded), why require it to be present at all?

--
David Woodhouse Open Source Technology Centre
David.Woodhouse@xxxxxxxxx Intel Corporation

Attachment: smime.p7s
Description: S/MIME cryptographic signature

Next message: Matt Fleming: "Re: [PATCH 1/5] iTCO_wdt: Expose watchdog properties using platform data"
Previous message: Martin Kepplinger: "Re: [PATCH 8/8] iio: mma8452: add devicetree property to allow all pin wirings"
In reply to: David Howells: "Re: [GIT PULL] MODSIGN: Use PKCS#7 for module signatures"
Next in thread: David Howells: "Re: [GIT PULL] MODSIGN: Use PKCS#7 for module signatures"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]