Re: [PATCH v9 0/4] Check codeSigning extended key usage extension

From: joeyli
Date: Wed Aug 31 2022 - 04:30:20 EST

Next message: David Hildenbrand: "[PATCH v1] mm/ksm: update stale comment in write_protect_page()"
Previous message: liaochang (A): "Re: [PATCH] arch/riscv: kprobes: implement optprobes"
In reply to: Jarkko Sakkinen: "Re: [PATCH v9 0/4] Check codeSigning extended key usage extension"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Jarkko,

On Sun, Aug 28, 2022 at 06:30:23AM +0300, Jarkko Sakkinen wrote:
> On Thu, Aug 25, 2022 at 10:23:10PM +0800, Lee, Chun-Yi wrote:
> > NIAP PP_OS certification requests that OS need to validate the
> > CodeSigning extended key usage extension field for integrity
> > verifiction of exectable code:
> >
> > https://www.niap-ccevs.org/MMO/PP/-442-/
> > FIA_X509_EXT.1.1
> >
> > This patchset adds the logic for parsing the codeSigning EKU extension
> > field in X.509. And checking the CodeSigning EKU when verifying
> > signature of kernel module or kexec PE binary in PKCS#7.
>
> Might be cutting hairs here but you don't really explain
> why we want to support it. It's not a counter argument
> to add the feature. It's a counter argument against adding
> undocumented features.
>

In some cases, a organization may publish different certificates for
difference purposes. When a certificate for a specific purpose is
leaked, it will not affect other certificates.

The function for using a code signing certificate to verify kernel
binary or module can restrict the purpose of the certificate to avoid
attacker uses other leaked non-codeSigning certificate for signing.

Thanks a lot!
Joey Lee

Next message: David Hildenbrand: "[PATCH v1] mm/ksm: update stale comment in write_protect_page()"
Previous message: liaochang (A): "Re: [PATCH] arch/riscv: kprobes: implement optprobes"
In reply to: Jarkko Sakkinen: "Re: [PATCH v9 0/4] Check codeSigning extended key usage extension"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]