Thread: 25 messages, 5 authors, 2019-08-28

Re: [PATCH v12 01/11] MODSIGN: Export module signature definitions

From: Thiago Jung Bauermann <hidden>
Date: 2019-07-23 22:39:51
Also in: keyrings, linux-crypto, linux-doc, linux-integrity, linux-s390, linux-security-module, lkml

Hello Philipp,


Philipp Rudo [off-list ref] writes:
> Hi Thiago,
>
> On Thu, 04 Jul 2019 15:57:34 -0300
> Thiago Jung Bauermann [off-list ref] wrote:
>> Hello Philipp,
>>
>> Philipp Rudo [off-list ref] writes:
>>> Hi Thiago,
>>>
>>> On Thu, 04 Jul 2019 03:42:57 -0300
>>> Thiago Jung Bauermann [off-list ref] wrote:
>>>> Jessica Yu [off-list ref] writes:
>>>>> +++ Thiago Jung Bauermann [27/06/19 23:19 -0300]:
IMA will use the module_signature format for append signatures, so export
the relevant definitions and factor out the code which verifies that the
appended signature trailer is valid.

Also, create a CONFIG_MODULE_SIG_FORMAT option so that IMA can select it
and be able to use mod_check_sig() without having to depend on either
CONFIG_MODULE_SIG or CONFIG_MODULES.

Signed-off-by: Thiago Jung Bauermann <redacted>
Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
Cc: Jessica Yu <jeyu@kernel.org>
---
include/linux/module.h           |  3 --
include/linux/module_signature.h | 44 +++++++++++++++++++++++++
init/Kconfig                     |  6 +++-
kernel/Makefile                  |  1 +
kernel/module.c                  |  1 +
kernel/module_signature.c        | 46 ++++++++++++++++++++++++++
kernel/module_signing.c          | 56 +++++---------------------------
scripts/Makefile                 |  2 +-
8 files changed, 106 insertions(+), 53 deletions(-)
diff --git a/include/linux/module.h b/include/linux/module.h
index 188998d3dca9..aa56f531cf1e 100644
--- a/include/linux/module.h
+++ b/include/linux/module.h
@@ -25,9 +25,6 @@
#include <linux/percpu.h>
#include <asm/module.h>

-/* In stripped ARM and x86-64 modules, ~ is surprisingly rare. */
-#define MODULE_SIG_STRING "~Module signature appended~\n"
-    
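Review bot: the three lines removed from include/linux/module.h take MODULE_SIG_STRING away without leaving an include of the new linux/module_signature.h in its place, so any file that picked the macro up through module.h stops compiling. The diffstat lists no files under arch/, so grep the tree for MODULE_SIG_STRING and add the new include to each user, and make sure the comment explaining why '~' was chosen travels with the define to the new header.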
>>>>> Hi Thiago, apologies for the delay.
>>>> Hello Jessica, thanks for reviewing the patch!
>>>>
>>>>> It looks like arch/s390/kernel/machine_kexec_file.c also relies on
>>>>> MODULE_SIG_STRING being defined, so module_signature.h will need to be
>>>>> included there too, otherwise we'll run into a compilation error.
>>>> Indeed. Thanks for spotting that. The patch below fixes it. It's
>>>> identical to the previous version except for the changes in
>>>> arch/s390/kernel/machine_kexec_file.c and their description in the
>>>> commit message. I'm also copying some s390 people in this email.
>>> to me the s390 part looks good but for one minor nit.
>> Thanks for the prompt review!
>>
>>> In arch/s390/Kconfig KEXEC_VERIFY_SIG currently depends on
>>> SYSTEM_DATA_VERIFICATION. I'd prefer when you update this to the new
>>> MODULE_SIG_FORMAT. It shouldn't make any difference right now, as we don't
>>> use mod_check_sig in our code path. But it could cause problems in the future,
>>> when more code might be shared.
>> Makes sense. Here is the updated patch with the Kconfig change.
> The patch looks good now.

Thanks! Can I add your Reviewed-by?

-- 
Thiago Jung Bauermann
IBM Linux Technology Center