Re: [PATCH 03/27] Enforce module signatures if the kernel is locked down

[PULL REQUEST] Kernel lockdown patches for 5.2 · Matthew Garrett <hidden> · 2019-03-06
[PATCH 01/27] Add the ability to lock down access to the running kernel image · Matthew Garrett <hidden> · 2019-03-06
[PATCH 02/27] Add a SysRq option to lift kernel lockdown · Matthew Garrett <hidden> · 2019-03-06
Re: [PATCH 02/27] Add a SysRq option to lift kernel lockdown · Randy Dunlap <hidden> · 2019-03-07
Re: [PATCH 02/27] Add a SysRq option to lift kernel lockdown · Matthew Garrett <hidden> · 2019-03-07
Re: [PATCH 02/27] Add a SysRq option to lift kernel lockdown · David Howells <dhowells@redhat.com> · 2019-03-07
[PATCH 03/27] Enforce module signatures if the kernel is locked down · Matthew Garrett <hidden> · 2019-03-06
Re: [PATCH 03/27] Enforce module signatures if the kernel is locked down · James Morris <jmorris@namei.org> · 2019-03-08
Re: [PATCH 03/27] Enforce module signatures if the kernel is locked down · Matthew Garrett <hidden> · 2019-03-08
Re: [PATCH 03/27] Enforce module signatures if the kernel is locked down · James Morris <jmorris@namei.org> · 2019-03-09
[PATCH 04/27] Restrict /dev/{mem,kmem,port} when the kernel is locked down · Matthew Garrett <hidden> · 2019-03-06
[PATCH 05/27] kexec_load: Disable at runtime if the kernel is locked down · Matthew Garrett <hidden> · 2019-03-06
[PATCH 06/27] Copy secure_boot flag in boot params across kexec reboot · Matthew Garrett <hidden> · 2019-03-06
[PATCH 07/27] kexec_file: split KEXEC_VERIFY_SIG into KEXEC_SIG and KEXEC_SIG_FORCE · Matthew Garrett <hidden> · 2019-03-06
[PATCH 10/27] uswsusp: Disable when the kernel is locked down · Matthew Garrett <hidden> · 2019-03-06
[PATCH 11/27] PCI: Lock down BAR access when the kernel is locked down · Matthew Garrett <hidden> · 2019-03-07
[PATCH 13/27] x86/msr: Restrict MSR access when the kernel is locked down · Matthew Garrett <hidden> · 2019-03-07
[PATCH 14/27] ACPI: Limit access to custom_method when the kernel is locked down · Matthew Garrett <hidden> · 2019-03-07
[PATCH 16/27] acpi: Disable ACPI table override if the kernel is locked down · Matthew Garrett <hidden> · 2019-03-07
[PATCH 18/27] Prohibit PCMCIA CIS storage when the kernel is locked down · Matthew Garrett <hidden> · 2019-03-07
[PATCH 19/27] Lock down TIOCSSERIAL · Matthew Garrett <hidden> · 2019-03-07
[PATCH 20/27] Lock down module params that specify hardware parameters (eg. ioport) · Matthew Garrett <hidden> · 2019-03-07
[PATCH 22/27] Lock down /proc/kcore · Matthew Garrett <hidden> · 2019-03-07
[PATCH 23/27] Lock down kprobes · Matthew Garrett <hidden> · 2019-03-07
[PATCH 24/27] bpf: Restrict kernel image access functions when the kernel is locked down · Matthew Garrett <hidden> · 2019-03-07
[PATCH 25/27] Lock down perf · Matthew Garrett <hidden> · 2019-03-07
[PATCH 26/27] debugfs: Restrict debugfs when the kernel is locked down · Matthew Garrett <hidden> · 2019-03-07
Re: [PATCH 26/27] debugfs: Restrict debugfs when the kernel is locked down · Vasily Gorbik <gor@linux.ibm.com> · 2019-04-25
Re: [PATCH 26/27] debugfs: Restrict debugfs when the kernel is locked down · Matthew Garrett <hidden> · 2019-04-25
[PATCH 27/27] lockdown: Print current->comm in restriction messages · Matthew Garrett <hidden> · 2019-03-07
[PATCH 21/27] x86/mmiotrace: Lock down the testmmiotrace module · Matthew Garrett <hidden> · 2019-03-07
[PATCH 17/27] acpi: Disable APEI error injection if the kernel is locked down · Matthew Garrett <hidden> · 2019-03-07
[PATCH 15/27] acpi: Ignore acpi_rsdp kernel param when the kernel has been locked down · Matthew Garrett <hidden> · 2019-03-07
[PATCH 12/27] x86: Lock down IO port access when the kernel is locked down · Matthew Garrett <hidden> · 2019-03-07
[PATCH 09/27] hibernate: Disable when the kernel is locked down · Matthew Garrett <hidden> · 2019-03-07
Re: [PATCH 09/27] hibernate: Disable when the kernel is locked down · Alan Cox <hidden> · 2019-03-07
Re: [PATCH 09/27] hibernate: Disable when the kernel is locked down · Matthew Garrett <hidden> · 2019-03-07
Re: [PATCH 09/27] hibernate: Disable when the kernel is locked down · Alan Cox <hidden> · 2019-03-18
[PATCH 08/27] kexec_file: Restrict at runtime if the kernel is locked down · Matthew Garrett <hidden> · 2019-03-07
Re: [PULL REQUEST] Kernel lockdown patches for 5.2 · Mimi Zohar <zohar@linux.ibm.com> · 2019-03-07
Re: [PULL REQUEST] Kernel lockdown patches for 5.2 · Matthew Garrett <hidden> · 2019-03-07
Re: [PULL REQUEST] Kernel lockdown patches for 5.2 · Matthew Garrett <hidden> · 2019-03-12
Re: [PULL REQUEST] Kernel lockdown patches for 5.2 · Mimi Zohar <zohar@linux.ibm.com> · 2019-03-12

From: James Morris <jmorris@namei.org>
Date: 2019-03-09 04:45:43
Also in: lkml

On Fri, 8 Mar 2019, Matthew Garrett wrote:

On Fri, Mar 8, 2019 at 3:00 PM James Morris [off-list ref] wrote:

quoted

On Wed, 6 Mar 2019, Matthew Garrett wrote:

quoted

From: David Howells <dhowells@redhat.com>

If the kernel is locked down, require that all modules have valid
signatures that we can verify.

Perhaps note that this won't cover the case where folk are using DM-Verity
with a signed root hash for verifying kernel modules.

Mm. I can't see a terribly good way of doing this generically -
loadpin gives no indication to the module loading code that it comes
from a trusted source. Would making the lockdown/module signature
enforcement a separate config option be reasonable?

I was just suggest documenting this.

-- 
James Morris
[off-list ref]

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help