Re: [PATCH v12 01/11] MODSIGN: Export module signature definitions
On Mon, 2019-08-05 at 15:11 +0200, Philipp Rudo wrote: > Hi Thiago, > > > > The patch looks good now. > > > > Thanks! Can I add your Reviewed-by? > > sorry, for the late answer, but I was on vacation the last two weeks. I hope > it's not too late now. > > Reviewed-by: Philipp Rudo Thanks! This patch set is still in the #next-queued-testing branch. I'm still hoping for a few more tags, before pushing it out to the #next-integrity branch later today. Mimi
Re: [PATCH v12 01/11] MODSIGN: Export module signature definitions
Hi Thiago, > > The patch looks good now. > > Thanks! Can I add your Reviewed-by? sorry, for the late answer, but I was on vacation the last two weeks. I hope it's not too late now. Reviewed-by: Philipp Rudo
Re: [PATCH v12 01/11] MODSIGN: Export module signature definitions
Hello Philipp, Philipp Rudo writes: > Hi Thiago, > > On Thu, 04 Jul 2019 15:57:34 -0300 > Thiago Jung Bauermann wrote: > >> Hello Philipp, >> >> Philipp Rudo writes: >> >> > Hi Thiago, >> > >> > >> > On Thu, 04 Jul 2019 03:42:57 -0300 >> > Thiago Jung Bauermann wrote: >> > >> >> Jessica Yu writes: >> >> >> >> > +++ Thiago Jung Bauermann [27/06/19 23:19 -0300]: >> >> >>IMA will use the module_signature format for append signatures, so >> >> >>export >> >> >>the relevant definitions and factor out the code which verifies that the >> >> >>appended signature trailer is valid. >> >> >> >> >> >>Also, create a CONFIG_MODULE_SIG_FORMAT option so that IMA can select it >> >> >>and be able to use mod_check_sig() without having to depend on either >> >> >>CONFIG_MODULE_SIG or CONFIG_MODULES. >> >> >> >> >> >>Signed-off-by: Thiago Jung Bauermann >> >> >>Reviewed-by: Mimi Zohar >> >> >>Cc: Jessica Yu >> >> >>--- >> >> >> include/linux/module.h | 3 -- >> >> >> include/linux/module_signature.h | 44 + >> >> >> init/Kconfig | 6 +++- >> >> >> kernel/Makefile | 1 + >> >> >> kernel/module.c | 1 + >> >> >> kernel/module_signature.c| 46 ++ >> >> >> kernel/module_signing.c | 56 +--- >> >> >> scripts/Makefile | 2 +- >> >> >> 8 files changed, 106 insertions(+), 53 deletions(-) >> >> >> >> >> >>diff --git a/include/linux/module.h b/include/linux/module.h >> >> >>index 188998d3dca9..aa56f531cf1e 100644 >> >> >>--- a/include/linux/module.h >> >> >>+++ b/include/linux/module.h >> >> >>@@ -25,9 +25,6 @@ >> >> >> #include >> >> >> #include >> >> >> >> >> >>-/* In stripped ARM and x86-64 modules, ~ is surprisingly rare. */ >> >> >>-#define MODULE_SIG_STRING "~Module signature appended~\n" >> >> >>- >> >> > >> >> > Hi Thiago, apologies for the delay. >> >> >> >> Hello Jessica, thanks for reviewing the patch! >> >> >> >> > It looks like arch/s390/kernel/machine_kexec_file.c also relies on >> >> > MODULE_SIG_STRING being defined, so module_signature.h will need to be >> >> > included there too, otherwise we'll run into a compilation error. >> >> >> >> Indeed. Thanks for spotting that. The patch below fixes it. It's >> >> identical to the previous version except for the changes in >> >> arch/s390/kernel/machine_kexec_file.c and their description in the >> >> commit message. I'm also copying some s390 people in this email. >> > >> > to me the s390 part looks good but for one minor nit. >> >> Thanks for the prompt review! >> >> > In arch/s390/Kconfig KEXEC_VERIFY_SIG currently depends on >> > SYSTEM_DATA_VERIFICATION. I'd prefer when you update this to the new >> > MODULE_SIG_FORMAT. It shouldn't make any difference right now, as we don't >> > use mod_check_sig in our code path. But it could cause problems in the >> > future, >> > when more code might be shared. >> >> Makes sense. Here is the updated patch with the Kconfig change. >> > > The patch looks good now. Thanks! Can I add your Reviewed-by? -- Thiago Jung Bauermann IBM Linux Technology Center
Re: [PATCH v12 01/11] MODSIGN: Export module signature definitions
Hi Thiago, On Thu, 04 Jul 2019 15:57:34 -0300 Thiago Jung Bauermann wrote: > Hello Philipp, > > Philipp Rudo writes: > > > Hi Thiago, > > > > > > On Thu, 04 Jul 2019 03:42:57 -0300 > > Thiago Jung Bauermann wrote: > > > >> Jessica Yu writes: > >> > >> > +++ Thiago Jung Bauermann [27/06/19 23:19 -0300]: > >> >>IMA will use the module_signature format for append signatures, so export > >> >>the relevant definitions and factor out the code which verifies that the > >> >>appended signature trailer is valid. > >> >> > >> >>Also, create a CONFIG_MODULE_SIG_FORMAT option so that IMA can select it > >> >>and be able to use mod_check_sig() without having to depend on either > >> >>CONFIG_MODULE_SIG or CONFIG_MODULES. > >> >> > >> >>Signed-off-by: Thiago Jung Bauermann > >> >>Reviewed-by: Mimi Zohar > >> >>Cc: Jessica Yu > >> >>--- > >> >> include/linux/module.h | 3 -- > >> >> include/linux/module_signature.h | 44 + > >> >> init/Kconfig | 6 +++- > >> >> kernel/Makefile | 1 + > >> >> kernel/module.c | 1 + > >> >> kernel/module_signature.c| 46 ++ > >> >> kernel/module_signing.c | 56 +--- > >> >> scripts/Makefile | 2 +- > >> >> 8 files changed, 106 insertions(+), 53 deletions(-) > >> >> > >> >>diff --git a/include/linux/module.h b/include/linux/module.h > >> >>index 188998d3dca9..aa56f531cf1e 100644 > >> >>--- a/include/linux/module.h > >> >>+++ b/include/linux/module.h > >> >>@@ -25,9 +25,6 @@ > >> >> #include > >> >> #include > >> >> > >> >>-/* In stripped ARM and x86-64 modules, ~ is surprisingly rare. */ > >> >>-#define MODULE_SIG_STRING "~Module signature appended~\n" > >> >>- > >> > > >> > Hi Thiago, apologies for the delay. > >> > >> Hello Jessica, thanks for reviewing the patch! > >> > >> > It looks like arch/s390/kernel/machine_kexec_file.c also relies on > >> > MODULE_SIG_STRING being defined, so module_signature.h will need to be > >> > included there too, otherwise we'll run into a compilation error. > >> > >> Indeed. Thanks for spotting that. The patch below fixes it. It's > >> identical to the previous version except for the changes in > >> arch/s390/kernel/machine_kexec_file.c and their description in the > >> commit message. I'm also copying some s390 people in this email. > > > > to me the s390 part looks good but for one minor nit. > > Thanks for the prompt review! > > > In arch/s390/Kconfig KEXEC_VERIFY_SIG currently depends on > > SYSTEM_DATA_VERIFICATION. I'd prefer when you update this to the new > > MODULE_SIG_FORMAT. It shouldn't make any difference right now, as we don't > > use mod_check_sig in our code path. But it could cause problems in the > > future, > > when more code might be shared. > > Makes sense. Here is the updated patch with the Kconfig change. > The patch looks good now. Thanks a lot PHilipp
Re: [PATCH v12 01/11] MODSIGN: Export module signature definitions
Hello Philipp, Philipp Rudo writes: > Hi Thiago, > > > On Thu, 04 Jul 2019 03:42:57 -0300 > Thiago Jung Bauermann wrote: > >> Jessica Yu writes: >> >> > +++ Thiago Jung Bauermann [27/06/19 23:19 -0300]: >> >>IMA will use the module_signature format for append signatures, so export >> >>the relevant definitions and factor out the code which verifies that the >> >>appended signature trailer is valid. >> >> >> >>Also, create a CONFIG_MODULE_SIG_FORMAT option so that IMA can select it >> >>and be able to use mod_check_sig() without having to depend on either >> >>CONFIG_MODULE_SIG or CONFIG_MODULES. >> >> >> >>Signed-off-by: Thiago Jung Bauermann >> >>Reviewed-by: Mimi Zohar >> >>Cc: Jessica Yu >> >>--- >> >> include/linux/module.h | 3 -- >> >> include/linux/module_signature.h | 44 + >> >> init/Kconfig | 6 +++- >> >> kernel/Makefile | 1 + >> >> kernel/module.c | 1 + >> >> kernel/module_signature.c| 46 ++ >> >> kernel/module_signing.c | 56 +--- >> >> scripts/Makefile | 2 +- >> >> 8 files changed, 106 insertions(+), 53 deletions(-) >> >> >> >>diff --git a/include/linux/module.h b/include/linux/module.h >> >>index 188998d3dca9..aa56f531cf1e 100644 >> >>--- a/include/linux/module.h >> >>+++ b/include/linux/module.h >> >>@@ -25,9 +25,6 @@ >> >> #include >> >> #include >> >> >> >>-/* In stripped ARM and x86-64 modules, ~ is surprisingly rare. */ >> >>-#define MODULE_SIG_STRING "~Module signature appended~\n" >> >>- >> > >> > Hi Thiago, apologies for the delay. >> >> Hello Jessica, thanks for reviewing the patch! >> >> > It looks like arch/s390/kernel/machine_kexec_file.c also relies on >> > MODULE_SIG_STRING being defined, so module_signature.h will need to be >> > included there too, otherwise we'll run into a compilation error. >> >> Indeed. Thanks for spotting that. The patch below fixes it. It's >> identical to the previous version except for the changes in >> arch/s390/kernel/machine_kexec_file.c and their description in the >> commit message. I'm also copying some s390 people in this email. > > to me the s390 part looks good but for one minor nit. Thanks for the prompt review! > In arch/s390/Kconfig KEXEC_VERIFY_SIG currently depends on > SYSTEM_DATA_VERIFICATION. I'd prefer when you update this to the new > MODULE_SIG_FORMAT. It shouldn't make any difference right now, as we don't > use mod_check_sig in our code path. But it could cause problems in the future, > when more code might be shared. Makes sense. Here is the updated patch with the Kconfig change. -- Thiago Jung Bauermann IBM Linux Technology Center >From d0e870a6eccc7126c0416ad7369888052c15eb18 Mon Sep 17 00:00:00 2001 From: Thiago Jung Bauermann Date: Thu, 17 May 2018 21:46:12 -0300 Subject: [PATCH 1/1] MODSIGN: Export module signature definitions IMA will use the module_signature format for append signatures, so export the relevant definitions and factor out the code which verifies that the appended signature trailer is valid. Also, create a CONFIG_MODULE_SIG_FORMAT option so that IMA can select it and be able to use mod_check_sig() without having to depend on either CONFIG_MODULE_SIG or CONFIG_MODULES. s390 duplicated the definition of struct module_signature so now they can use the new header instead. Signed-off-by: Thiago Jung Bauermann Reviewed-by: Mimi Zohar Acked-by: Jessica Yu Cc: Heiko Carstens Cc: Philipp Rudo --- arch/s390/Kconfig | 2 +- arch/s390/kernel/machine_kexec_file.c | 24 +--- include/linux/module.h| 3 -- include/linux/module_signature.h | 44 + init/Kconfig | 6 ++- kernel/Makefile | 1 + kernel/module.c | 1 + kernel/module_signature.c | 46 ++ kernel/module_signing.c | 56 --- scripts/Makefile | 2 +- 10 files changed, 108 insertions(+), 77 deletions(-) create mode 100644 include/linux/module_signature.h create mode 100644 kernel/module_signature.c diff --git a/arch/s390/Kconfig b/arch/s390/Kconfig index 109243fdb6ec..446b7ffa1294 100644 --- a/arch/s390/Kconfig +++ b/arch/s390/Kconfig @@ -557,7 +557,7 @@ config ARCH_HAS_KEXEC_PURGATORY config KEXEC_VERIFY_SIG bool "Verify kernel signature during kexec_file_load() syscall" - depends on KEXEC_FILE && SYSTEM_DATA_VERIFICATION + depends on KEXEC_FILE && MODULE_SIG_FORMAT help This option makes kernel signature verification mandatory for the kexec_file_load() syscall. diff --git a/arch/s390/kernel/machine_kexec_file.c b/arch/s390/kernel/machine_kexec_file.c index fbdd3ea73667..1ac9fbc6e01e 100644 --- a/arch/s390/kernel/machine_kexec_file.c +++ b/arch/s390/kernel/machine_kexec_
Re: [PATCH v12 01/11] MODSIGN: Export module signature definitions
Hi Thiago, On Thu, 04 Jul 2019 03:42:57 -0300 Thiago Jung Bauermann wrote: > Jessica Yu writes: > > > +++ Thiago Jung Bauermann [27/06/19 23:19 -0300]: > >>IMA will use the module_signature format for append signatures, so export > >>the relevant definitions and factor out the code which verifies that the > >>appended signature trailer is valid. > >> > >>Also, create a CONFIG_MODULE_SIG_FORMAT option so that IMA can select it > >>and be able to use mod_check_sig() without having to depend on either > >>CONFIG_MODULE_SIG or CONFIG_MODULES. > >> > >>Signed-off-by: Thiago Jung Bauermann > >>Reviewed-by: Mimi Zohar > >>Cc: Jessica Yu > >>--- > >> include/linux/module.h | 3 -- > >> include/linux/module_signature.h | 44 + > >> init/Kconfig | 6 +++- > >> kernel/Makefile | 1 + > >> kernel/module.c | 1 + > >> kernel/module_signature.c| 46 ++ > >> kernel/module_signing.c | 56 +--- > >> scripts/Makefile | 2 +- > >> 8 files changed, 106 insertions(+), 53 deletions(-) > >> > >>diff --git a/include/linux/module.h b/include/linux/module.h > >>index 188998d3dca9..aa56f531cf1e 100644 > >>--- a/include/linux/module.h > >>+++ b/include/linux/module.h > >>@@ -25,9 +25,6 @@ > >> #include > >> #include > >> > >>-/* In stripped ARM and x86-64 modules, ~ is surprisingly rare. */ > >>-#define MODULE_SIG_STRING "~Module signature appended~\n" > >>- > > > > Hi Thiago, apologies for the delay. > > Hello Jessica, thanks for reviewing the patch! > > > It looks like arch/s390/kernel/machine_kexec_file.c also relies on > > MODULE_SIG_STRING being defined, so module_signature.h will need to be > > included there too, otherwise we'll run into a compilation error. > > Indeed. Thanks for spotting that. The patch below fixes it. It's > identical to the previous version except for the changes in > arch/s390/kernel/machine_kexec_file.c and their description in the > commit message. I'm also copying some s390 people in this email. to me the s390 part looks good but for one minor nit. In arch/s390/Kconfig KEXEC_VERIFY_SIG currently depends on SYSTEM_DATA_VERIFICATION. I'd prefer when you update this to the new MODULE_SIG_FORMAT. It shouldn't make any difference right now, as we don't use mod_check_sig in our code path. But it could cause problems in the future, when more code might be shared. Thanks Philipp > > Other than that, the module-related changes look good to me: > > > > Acked-by: Jessica Yu > > Thank you very much! >
Re: [PATCH v12 01/11] MODSIGN: Export module signature definitions
Jessica Yu writes: > +++ Thiago Jung Bauermann [27/06/19 23:19 -0300]: >>IMA will use the module_signature format for append signatures, so export >>the relevant definitions and factor out the code which verifies that the >>appended signature trailer is valid. >> >>Also, create a CONFIG_MODULE_SIG_FORMAT option so that IMA can select it >>and be able to use mod_check_sig() without having to depend on either >>CONFIG_MODULE_SIG or CONFIG_MODULES. >> >>Signed-off-by: Thiago Jung Bauermann >>Reviewed-by: Mimi Zohar >>Cc: Jessica Yu >>--- >> include/linux/module.h | 3 -- >> include/linux/module_signature.h | 44 + >> init/Kconfig | 6 +++- >> kernel/Makefile | 1 + >> kernel/module.c | 1 + >> kernel/module_signature.c| 46 ++ >> kernel/module_signing.c | 56 +--- >> scripts/Makefile | 2 +- >> 8 files changed, 106 insertions(+), 53 deletions(-) >> >>diff --git a/include/linux/module.h b/include/linux/module.h >>index 188998d3dca9..aa56f531cf1e 100644 >>--- a/include/linux/module.h >>+++ b/include/linux/module.h >>@@ -25,9 +25,6 @@ >> #include >> #include >> >>-/* In stripped ARM and x86-64 modules, ~ is surprisingly rare. */ >>-#define MODULE_SIG_STRING "~Module signature appended~\n" >>- > > Hi Thiago, apologies for the delay. Hello Jessica, thanks for reviewing the patch! > It looks like arch/s390/kernel/machine_kexec_file.c also relies on > MODULE_SIG_STRING being defined, so module_signature.h will need to be > included there too, otherwise we'll run into a compilation error. Indeed. Thanks for spotting that. The patch below fixes it. It's identical to the previous version except for the changes in arch/s390/kernel/machine_kexec_file.c and their description in the commit message. I'm also copying some s390 people in this email. > Other than that, the module-related changes look good to me: > > Acked-by: Jessica Yu Thank you very much! -- Thiago Jung Bauermann IBM Linux Technology Center >From 0ca180c66f4cff8b1fcd51f3457cc06dac2f0e81 Mon Sep 17 00:00:00 2001 From: Thiago Jung Bauermann Date: Thu, 17 May 2018 21:46:12 -0300 Subject: [PATCH 1/1] MODSIGN: Export module signature definitions IMA will use the module_signature format for append signatures, so export the relevant definitions and factor out the code which verifies that the appended signature trailer is valid. Also, create a CONFIG_MODULE_SIG_FORMAT option so that IMA can select it and be able to use mod_check_sig() without having to depend on either CONFIG_MODULE_SIG or CONFIG_MODULES. s390 duplicated the definition of struct module_signature so now they can use the new header instead. Signed-off-by: Thiago Jung Bauermann Reviewed-by: Mimi Zohar Acked-by: Jessica Yu Cc: Heiko Carstens Cc: Philipp Rudo --- arch/s390/kernel/machine_kexec_file.c | 24 +--- include/linux/module.h| 3 -- include/linux/module_signature.h | 44 + init/Kconfig | 6 ++- kernel/Makefile | 1 + kernel/module.c | 1 + kernel/module_signature.c | 46 ++ kernel/module_signing.c | 56 --- scripts/Makefile | 2 +- 9 files changed, 107 insertions(+), 76 deletions(-) create mode 100644 include/linux/module_signature.h create mode 100644 kernel/module_signature.c diff --git a/arch/s390/kernel/machine_kexec_file.c b/arch/s390/kernel/machine_kexec_file.c index fbdd3ea73667..1ac9fbc6e01e 100644 --- a/arch/s390/kernel/machine_kexec_file.c +++ b/arch/s390/kernel/machine_kexec_file.c @@ -10,7 +10,7 @@ #include #include #include -#include +#include #include #include #include @@ -23,28 +23,6 @@ const struct kexec_file_ops * const kexec_file_loaders[] = { }; #ifdef CONFIG_KEXEC_VERIFY_SIG -/* - * Module signature information block. - * - * The constituents of the signature section are, in order: - * - * - Signer's name - * - Key identifier - * - Signature data - * - Information block - */ -struct module_signature { - u8 algo; /* Public-key crypto algorithm [0] */ - u8 hash; /* Digest algorithm [0] */ - u8 id_type;/* Key identifier type [PKEY_ID_PKCS7] */ - u8 signer_len; /* Length of signer's name [0] */ - u8 key_id_len; /* Length of key identifier [0] */ - u8 __pad[3]; - __be32 sig_len;/* Length of signature data */ -}; - -#define PKEY_ID_PKCS7 2 - int s390_verify_sig(const char *kernel, unsigned long kernel_len) { const unsigned long marker_len = sizeof(MODULE_SIG_STRING) - 1; diff --git a/include/linux/module.h b/include/linux/module.h index 188998d3dca9..aa56f531cf1e 100644 --- a/include/linux/module.h +++ b/include/
Re: [PATCH v12 01/11] MODSIGN: Export module signature definitions
+++ Thiago Jung Bauermann [27/06/19 23:19 -0300]: IMA will use the module_signature format for append signatures, so export the relevant definitions and factor out the code which verifies that the appended signature trailer is valid. Also, create a CONFIG_MODULE_SIG_FORMAT option so that IMA can select it and be able to use mod_check_sig() without having to depend on either CONFIG_MODULE_SIG or CONFIG_MODULES. Signed-off-by: Thiago Jung Bauermann Reviewed-by: Mimi Zohar Cc: Jessica Yu --- include/linux/module.h | 3 -- include/linux/module_signature.h | 44 + init/Kconfig | 6 +++- kernel/Makefile | 1 + kernel/module.c | 1 + kernel/module_signature.c| 46 ++ kernel/module_signing.c | 56 +--- scripts/Makefile | 2 +- 8 files changed, 106 insertions(+), 53 deletions(-) diff --git a/include/linux/module.h b/include/linux/module.h index 188998d3dca9..aa56f531cf1e 100644 --- a/include/linux/module.h +++ b/include/linux/module.h @@ -25,9 +25,6 @@ #include #include -/* In stripped ARM and x86-64 modules, ~ is surprisingly rare. */ -#define MODULE_SIG_STRING "~Module signature appended~\n" - Hi Thiago, apologies for the delay. It looks like arch/s390/kernel/machine_kexec_file.c also relies on MODULE_SIG_STRING being defined, so module_signature.h will need to be included there too, otherwise we'll run into a compilation error. Other than that, the module-related changes look good to me: Acked-by: Jessica Yu Thanks! Jessica /* Not Yet Implemented */ #define MODULE_SUPPORTED_DEVICE(name) diff --git a/include/linux/module_signature.h b/include/linux/module_signature.h new file mode 100644 index ..523617fc5b6a --- /dev/null +++ b/include/linux/module_signature.h @@ -0,0 +1,44 @@ +/* SPDX-License-Identifier: GPL-2.0+ */ +/* + * Module signature handling. + * + * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved. + * Written by David Howells (dhowe...@redhat.com) + */ + +#ifndef _LINUX_MODULE_SIGNATURE_H +#define _LINUX_MODULE_SIGNATURE_H + +/* In stripped ARM and x86-64 modules, ~ is surprisingly rare. */ +#define MODULE_SIG_STRING "~Module signature appended~\n" + +enum pkey_id_type { + PKEY_ID_PGP,/* OpenPGP generated key ID */ + PKEY_ID_X509, /* X.509 arbitrary subjectKeyIdentifier */ + PKEY_ID_PKCS7, /* Signature in PKCS#7 message */ +}; + +/* + * Module signature information block. + * + * The constituents of the signature section are, in order: + * + * - Signer's name + * - Key identifier + * - Signature data + * - Information block + */ +struct module_signature { + u8 algo; /* Public-key crypto algorithm [0] */ + u8 hash; /* Digest algorithm [0] */ + u8 id_type;/* Key identifier type [PKEY_ID_PKCS7] */ + u8 signer_len; /* Length of signer's name [0] */ + u8 key_id_len; /* Length of key identifier [0] */ + u8 __pad[3]; + __be32 sig_len;/* Length of signature data */ +}; + +int mod_check_sig(const struct module_signature *ms, size_t file_len, + const char *name); + +#endif /* _LINUX_MODULE_SIGNATURE_H */ diff --git a/init/Kconfig b/init/Kconfig index 8b9ffe236e4f..c2286a3c74c5 100644 --- a/init/Kconfig +++ b/init/Kconfig @@ -1852,6 +1852,10 @@ config BASE_SMALL default 0 if BASE_FULL default 1 if !BASE_FULL +config MODULE_SIG_FORMAT + def_bool n + select SYSTEM_DATA_VERIFICATION + menuconfig MODULES bool "Enable loadable module support" option modules @@ -1929,7 +1933,7 @@ config MODULE_SRCVERSION_ALL config MODULE_SIG bool "Module signature verification" depends on MODULES - select SYSTEM_DATA_VERIFICATION + select MODULE_SIG_FORMAT help Check modules for valid signatures upon load: the signature is simply appended to the module. For more information see diff --git a/kernel/Makefile b/kernel/Makefile index 33824f0385b3..f29ae2997a43 100644 --- a/kernel/Makefile +++ b/kernel/Makefile @@ -58,6 +58,7 @@ endif obj-$(CONFIG_UID16) += uid16.o obj-$(CONFIG_MODULES) += module.o obj-$(CONFIG_MODULE_SIG) += module_signing.o +obj-$(CONFIG_MODULE_SIG_FORMAT) += module_signature.o obj-$(CONFIG_KALLSYMS) += kallsyms.o obj-$(CONFIG_BSD_PROCESS_ACCT) += acct.o obj-$(CONFIG_CRASH_CORE) += crash_core.o diff --git a/kernel/module.c b/kernel/module.c index 6e6712b3aaf5..2712f4d217f5 100644 --- a/kernel/module.c +++ b/kernel/module.c @@ -19,6 +19,7 @@ #include #include #include +#include #include #include #include diff --git a/kernel/module_signature.c b/kernel/module_signature.c new file mode 100644 index ..4224a1086b7d --- /dev/null +++ b/kernel/module_signature.c @@ -0,0 +1,46 @@ +// SPDX-License-Identifier: GPL-
[PATCH v12 01/11] MODSIGN: Export module signature definitions
IMA will use the module_signature format for append signatures, so export the relevant definitions and factor out the code which verifies that the appended signature trailer is valid. Also, create a CONFIG_MODULE_SIG_FORMAT option so that IMA can select it and be able to use mod_check_sig() without having to depend on either CONFIG_MODULE_SIG or CONFIG_MODULES. Signed-off-by: Thiago Jung Bauermann Reviewed-by: Mimi Zohar Cc: Jessica Yu --- include/linux/module.h | 3 -- include/linux/module_signature.h | 44 + init/Kconfig | 6 +++- kernel/Makefile | 1 + kernel/module.c | 1 + kernel/module_signature.c| 46 ++ kernel/module_signing.c | 56 +--- scripts/Makefile | 2 +- 8 files changed, 106 insertions(+), 53 deletions(-) diff --git a/include/linux/module.h b/include/linux/module.h index 188998d3dca9..aa56f531cf1e 100644 --- a/include/linux/module.h +++ b/include/linux/module.h @@ -25,9 +25,6 @@ #include #include -/* In stripped ARM and x86-64 modules, ~ is surprisingly rare. */ -#define MODULE_SIG_STRING "~Module signature appended~\n" - /* Not Yet Implemented */ #define MODULE_SUPPORTED_DEVICE(name) diff --git a/include/linux/module_signature.h b/include/linux/module_signature.h new file mode 100644 index ..523617fc5b6a --- /dev/null +++ b/include/linux/module_signature.h @@ -0,0 +1,44 @@ +/* SPDX-License-Identifier: GPL-2.0+ */ +/* + * Module signature handling. + * + * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved. + * Written by David Howells (dhowe...@redhat.com) + */ + +#ifndef _LINUX_MODULE_SIGNATURE_H +#define _LINUX_MODULE_SIGNATURE_H + +/* In stripped ARM and x86-64 modules, ~ is surprisingly rare. */ +#define MODULE_SIG_STRING "~Module signature appended~\n" + +enum pkey_id_type { + PKEY_ID_PGP,/* OpenPGP generated key ID */ + PKEY_ID_X509, /* X.509 arbitrary subjectKeyIdentifier */ + PKEY_ID_PKCS7, /* Signature in PKCS#7 message */ +}; + +/* + * Module signature information block. + * + * The constituents of the signature section are, in order: + * + * - Signer's name + * - Key identifier + * - Signature data + * - Information block + */ +struct module_signature { + u8 algo; /* Public-key crypto algorithm [0] */ + u8 hash; /* Digest algorithm [0] */ + u8 id_type;/* Key identifier type [PKEY_ID_PKCS7] */ + u8 signer_len; /* Length of signer's name [0] */ + u8 key_id_len; /* Length of key identifier [0] */ + u8 __pad[3]; + __be32 sig_len;/* Length of signature data */ +}; + +int mod_check_sig(const struct module_signature *ms, size_t file_len, + const char *name); + +#endif /* _LINUX_MODULE_SIGNATURE_H */ diff --git a/init/Kconfig b/init/Kconfig index 8b9ffe236e4f..c2286a3c74c5 100644 --- a/init/Kconfig +++ b/init/Kconfig @@ -1852,6 +1852,10 @@ config BASE_SMALL default 0 if BASE_FULL default 1 if !BASE_FULL +config MODULE_SIG_FORMAT + def_bool n + select SYSTEM_DATA_VERIFICATION + menuconfig MODULES bool "Enable loadable module support" option modules @@ -1929,7 +1933,7 @@ config MODULE_SRCVERSION_ALL config MODULE_SIG bool "Module signature verification" depends on MODULES - select SYSTEM_DATA_VERIFICATION + select MODULE_SIG_FORMAT help Check modules for valid signatures upon load: the signature is simply appended to the module. For more information see diff --git a/kernel/Makefile b/kernel/Makefile index 33824f0385b3..f29ae2997a43 100644 --- a/kernel/Makefile +++ b/kernel/Makefile @@ -58,6 +58,7 @@ endif obj-$(CONFIG_UID16) += uid16.o obj-$(CONFIG_MODULES) += module.o obj-$(CONFIG_MODULE_SIG) += module_signing.o +obj-$(CONFIG_MODULE_SIG_FORMAT) += module_signature.o obj-$(CONFIG_KALLSYMS) += kallsyms.o obj-$(CONFIG_BSD_PROCESS_ACCT) += acct.o obj-$(CONFIG_CRASH_CORE) += crash_core.o diff --git a/kernel/module.c b/kernel/module.c index 6e6712b3aaf5..2712f4d217f5 100644 --- a/kernel/module.c +++ b/kernel/module.c @@ -19,6 +19,7 @@ #include #include #include +#include #include #include #include diff --git a/kernel/module_signature.c b/kernel/module_signature.c new file mode 100644 index ..4224a1086b7d --- /dev/null +++ b/kernel/module_signature.c @@ -0,0 +1,46 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * Module signature checker + * + * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved. + * Written by David Howells (dhowe...@redhat.com) + */ + +#include +#include +#include +#include + +/** + * mod_check_sig - check that the given signature is sane + * + * @ms:Signature to check. + * @file_len: Size of the file to which @ms is appen