Re: [PATCH v12 01/11] MODSIGN: Export module signature definitions
On Mon, 2019-08-05 at 15:11 +0200, Philipp Rudo wrote: > Hi Thiago, > > > > The patch looks good now. > > > > Thanks! Can I add your Reviewed-by? > > sorry, for the late answer, but I was on vacation the last two weeks. I hope > it's not too late now. > > Reviewed-by: Philipp Rudo Thanks! This patch set is still in the #next-queued-testing branch. I'm still hoping for a few more tags, before pushing it out to the #next-integrity branch later today. Mimi
Re: [PATCH v12 01/11] MODSIGN: Export module signature definitions
Hi Thiago, > > The patch looks good now. > > Thanks! Can I add your Reviewed-by? sorry, for the late answer, but I was on vacation the last two weeks. I hope it's not too late now. Reviewed-by: Philipp Rudo
Re: [PATCH v12 01/11] MODSIGN: Export module signature definitions
Hello Philipp, Philipp Rudo writes: > Hi Thiago, > > On Thu, 04 Jul 2019 15:57:34 -0300 > Thiago Jung Bauermann wrote: > >> Hello Philipp, >> >> Philipp Rudo writes: >> >> > Hi Thiago, >> > >> > >> > On Thu, 04 Jul 2019 03:42:57 -0300 >> > Thiago Jung Bauermann wrote: >> > >> >> Jessica Yu writes: >> >> >> >> > +++ Thiago Jung Bauermann [27/06/19 23:19 -0300]: >> >> >>IMA will use the module_signature format for append signatures, so >> >> >>export >> >> >>the relevant definitions and factor out the code which verifies that the >> >> >>appended signature trailer is valid. >> >> >> >> >> >>Also, create a CONFIG_MODULE_SIG_FORMAT option so that IMA can select it >> >> >>and be able to use mod_check_sig() without having to depend on either >> >> >>CONFIG_MODULE_SIG or CONFIG_MODULES. >> >> >> >> >> >>Signed-off-by: Thiago Jung Bauermann >> >> >>Reviewed-by: Mimi Zohar >> >> >>Cc: Jessica Yu >> >> >>--- >> >> >> include/linux/module.h | 3 -- >> >> >> include/linux/module_signature.h | 44 + >> >> >> init/Kconfig | 6 +++- >> >> >> kernel/Makefile | 1 + >> >> >> kernel/module.c | 1 + >> >> >> kernel/module_signature.c| 46 ++ >> >> >> kernel/module_signing.c | 56 +--- >> >> >> scripts/Makefile | 2 +- >> >> >> 8 files changed, 106 insertions(+), 53 deletions(-) >> >> >> >> >> >>diff --git a/include/linux/module.h b/include/linux/module.h >> >> >>index 188998d3dca9..aa56f531cf1e 100644 >> >> >>--- a/include/linux/module.h >> >> >>+++ b/include/linux/module.h >> >> >>@@ -25,9 +25,6 @@ >> >> >> #include >> >> >> #include >> >> >> >> >> >>-/* In stripped ARM and x86-64 modules, ~ is surprisingly rare. */ >> >> >>-#define MODULE_SIG_STRING "~Module signature appended~\n" >> >> >>- >> >> > >> >> > Hi Thiago, apologies for the delay. >> >> >> >> Hello Jessica, thanks for reviewing the patch! >> >> >> >> > It looks like arch/s390/kernel/machine_kexec_file.c also relies on >> >> > MODULE_SIG_STRING being defined, so module_signature.h will need to be >> >> > included there too, otherwise we'll run into a compilation error. >> >> >> >> Indeed. Thanks for spotting that. The patch below fixes it. It's >> >> identical to the previous version except for the changes in >> >> arch/s390/kernel/machine_kexec_file.c and their description in the >> >> commit message. I'm also copying some s390 people in this email. >> > >> > to me the s390 part looks good but for one minor nit. >> >> Thanks for the prompt review! >> >> > In arch/s390/Kconfig KEXEC_VERIFY_SIG currently depends on >> > SYSTEM_DATA_VERIFICATION. I'd prefer when you update this to the new >> > MODULE_SIG_FORMAT. It shouldn't make any difference right now, as we don't >> > use mod_check_sig in our code path. But it could cause problems in the >> > future, >> > when more code might be shared. >> >> Makes sense. Here is the updated patch with the Kconfig change. >> > > The patch looks good now. Thanks! Can I add your Reviewed-by? -- Thiago Jung Bauermann IBM Linux Technology Center
Re: [PATCH v12 01/11] MODSIGN: Export module signature definitions
Hi Thiago, On Thu, 04 Jul 2019 15:57:34 -0300 Thiago Jung Bauermann wrote: > Hello Philipp, > > Philipp Rudo writes: > > > Hi Thiago, > > > > > > On Thu, 04 Jul 2019 03:42:57 -0300 > > Thiago Jung Bauermann wrote: > > > >> Jessica Yu writes: > >> > >> > +++ Thiago Jung Bauermann [27/06/19 23:19 -0300]: > >> >>IMA will use the module_signature format for append signatures, so export > >> >>the relevant definitions and factor out the code which verifies that the > >> >>appended signature trailer is valid. > >> >> > >> >>Also, create a CONFIG_MODULE_SIG_FORMAT option so that IMA can select it > >> >>and be able to use mod_check_sig() without having to depend on either > >> >>CONFIG_MODULE_SIG or CONFIG_MODULES. > >> >> > >> >>Signed-off-by: Thiago Jung Bauermann > >> >>Reviewed-by: Mimi Zohar > >> >>Cc: Jessica Yu > >> >>--- > >> >> include/linux/module.h | 3 -- > >> >> include/linux/module_signature.h | 44 + > >> >> init/Kconfig | 6 +++- > >> >> kernel/Makefile | 1 + > >> >> kernel/module.c | 1 + > >> >> kernel/module_signature.c| 46 ++ > >> >> kernel/module_signing.c | 56 +--- > >> >> scripts/Makefile | 2 +- > >> >> 8 files changed, 106 insertions(+), 53 deletions(-) > >> >> > >> >>diff --git a/include/linux/module.h b/include/linux/module.h > >> >>index 188998d3dca9..aa56f531cf1e 100644 > >> >>--- a/include/linux/module.h > >> >>+++ b/include/linux/module.h > >> >>@@ -25,9 +25,6 @@ > >> >> #include > >> >> #include > >> >> > >> >>-/* In stripped ARM and x86-64 modules, ~ is surprisingly rare. */ > >> >>-#define MODULE_SIG_STRING "~Module signature appended~\n" > >> >>- > >> > > >> > Hi Thiago, apologies for the delay. > >> > >> Hello Jessica, thanks for reviewing the patch! > >> > >> > It looks like arch/s390/kernel/machine_kexec_file.c also relies on > >> > MODULE_SIG_STRING being defined, so module_signature.h will need to be > >> > included there too, otherwise we'll run into a compilation error. > >> > >> Indeed. Thanks for spotting that. The patch below fixes it. It's > >> identical to the previous version except for the changes in > >> arch/s390/kernel/machine_kexec_file.c and their description in the > >> commit message. I'm also copying some s390 people in this email. > > > > to me the s390 part looks good but for one minor nit. > > Thanks for the prompt review! > > > In arch/s390/Kconfig KEXEC_VERIFY_SIG currently depends on > > SYSTEM_DATA_VERIFICATION. I'd prefer when you update this to the new > > MODULE_SIG_FORMAT. It shouldn't make any difference right now, as we don't > > use mod_check_sig in our code path. But it could cause problems in the > > future, > > when more code might be shared. > > Makes sense. Here is the updated patch with the Kconfig change. > The patch looks good now. Thanks a lot PHilipp
Re: [PATCH v12 01/11] MODSIGN: Export module signature definitions
Hello Philipp, Philipp Rudo writes: > Hi Thiago, > > > On Thu, 04 Jul 2019 03:42:57 -0300 > Thiago Jung Bauermann wrote: > >> Jessica Yu writes: >> >> > +++ Thiago Jung Bauermann [27/06/19 23:19 -0300]: >> >>IMA will use the module_signature format for append signatures, so export >> >>the relevant definitions and factor out the code which verifies that the >> >>appended signature trailer is valid. >> >> >> >>Also, create a CONFIG_MODULE_SIG_FORMAT option so that IMA can select it >> >>and be able to use mod_check_sig() without having to depend on either >> >>CONFIG_MODULE_SIG or CONFIG_MODULES. >> >> >> >>Signed-off-by: Thiago Jung Bauermann >> >>Reviewed-by: Mimi Zohar >> >>Cc: Jessica Yu >> >>--- >> >> include/linux/module.h | 3 -- >> >> include/linux/module_signature.h | 44 + >> >> init/Kconfig | 6 +++- >> >> kernel/Makefile | 1 + >> >> kernel/module.c | 1 + >> >> kernel/module_signature.c| 46 ++ >> >> kernel/module_signing.c | 56 +--- >> >> scripts/Makefile | 2 +- >> >> 8 files changed, 106 insertions(+), 53 deletions(-) >> >> >> >>diff --git a/include/linux/module.h b/include/linux/module.h >> >>index 188998d3dca9..aa56f531cf1e 100644 >> >>--- a/include/linux/module.h >> >>+++ b/include/linux/module.h >> >>@@ -25,9 +25,6 @@ >> >> #include >> >> #include >> >> >> >>-/* In stripped ARM and x86-64 modules, ~ is surprisingly rare. */ >> >>-#define MODULE_SIG_STRING "~Module signature appended~\n" >> >>- >> > >> > Hi Thiago, apologies for the delay. >> >> Hello Jessica, thanks for reviewing the patch! >> >> > It looks like arch/s390/kernel/machine_kexec_file.c also relies on >> > MODULE_SIG_STRING being defined, so module_signature.h will need to be >> > included there too, otherwise we'll run into a compilation error. >> >> Indeed. Thanks for spotting that. The patch below fixes it. It's >> identical to the previous version except for the changes in >> arch/s390/kernel/machine_kexec_file.c and their description in the >> commit message. I'm also copying some s390 people in this email. > > to me the s390 part looks good but for one minor nit. Thanks for the prompt review! > In arch/s390/Kconfig KEXEC_VERIFY_SIG currently depends on > SYSTEM_DATA_VERIFICATION. I'd prefer when you update this to the new > MODULE_SIG_FORMAT. It shouldn't make any difference right now, as we don't > use mod_check_sig in our code path. But it could cause problems in the future, > when more code might be shared. Makes sense. Here is the updated patch with the Kconfig change. -- Thiago Jung Bauermann IBM Linux Technology Center >From d0e870a6eccc7126c0416ad7369888052c15eb18 Mon Sep 17 00:00:00 2001 From: Thiago Jung Bauermann Date: Thu, 17 May 2018 21:46:12 -0300 Subject: [PATCH 1/1] MODSIGN: Export module signature definitions IMA will use the module_signature format for append signatures, so export the relevant definitions and factor out the code which verifies that the appended signature trailer is valid. Also, create a CONFIG_MODULE_SIG_FORMAT option so that IMA can select it and be able to use mod_check_sig() without having to depend on either CONFIG_MODULE_SIG or CONFIG_MODULES. s390 duplicated the definition of struct module_signature so now they can use the new header instead. Signed-off-by: Thiago Jung Bauermann Reviewed-by: Mimi Zohar Acked-by: Jessica Yu Cc: Heiko Carstens Cc: Philipp Rudo --- arch/s390/Kconfig | 2 +- arch/s390/kernel/machine_kexec_file.c | 24 +--- include/linux/module.h| 3 -- include/linux/module_signature.h | 44 + init/Kconfig | 6 ++- kernel/Makefile | 1 + kernel/module.c | 1 + kernel/module_signature.c | 46 ++ kernel/module_signing.c | 56 --- scripts/Makefile | 2 +- 10 files changed, 108 insertions(+), 77 deletions(-) create mode 100644 include/linux/module_signature.h create mode 100644 kernel/module_signature.c diff --git a/arch/s390/Kconfig b/arch/s390/Kconfig index 109243fdb6ec..446b7ffa1294 100644 --- a/arch/s390/Kconfig +++ b/arch/s390/Kconfig @@ -557,7 +557,7 @@ config ARCH_HAS_KEXEC_PURGATORY config KEXEC_VERIFY_SIG bool "Verify kernel signature during kexec_file_load() syscall" - depends on KEXEC_FILE && SYSTEM_DATA_VERIFICATION + depends on KEXEC_FILE && MODULE_SIG_FORMAT help This option makes kernel signature verification mandatory for the kexec_file_load() syscall. diff --git a/arch/s390/kernel/machine_kexec_file.c b/arch/s390/kernel/machine_kexec_file.c index fbdd3ea73667..1ac9fbc6e01e 100644 --- a/arch/s390/kernel/machine_kexec_file.c +++ b/arch/s390/kernel/machine_kexec_
Re: [PATCH v12 01/11] MODSIGN: Export module signature definitions
Hi Thiago, On Thu, 04 Jul 2019 03:42:57 -0300 Thiago Jung Bauermann wrote: > Jessica Yu writes: > > > +++ Thiago Jung Bauermann [27/06/19 23:19 -0300]: > >>IMA will use the module_signature format for append signatures, so export > >>the relevant definitions and factor out the code which verifies that the > >>appended signature trailer is valid. > >> > >>Also, create a CONFIG_MODULE_SIG_FORMAT option so that IMA can select it > >>and be able to use mod_check_sig() without having to depend on either > >>CONFIG_MODULE_SIG or CONFIG_MODULES. > >> > >>Signed-off-by: Thiago Jung Bauermann > >>Reviewed-by: Mimi Zohar > >>Cc: Jessica Yu > >>--- > >> include/linux/module.h | 3 -- > >> include/linux/module_signature.h | 44 + > >> init/Kconfig | 6 +++- > >> kernel/Makefile | 1 + > >> kernel/module.c | 1 + > >> kernel/module_signature.c| 46 ++ > >> kernel/module_signing.c | 56 +--- > >> scripts/Makefile | 2 +- > >> 8 files changed, 106 insertions(+), 53 deletions(-) > >> > >>diff --git a/include/linux/module.h b/include/linux/module.h > >>index 188998d3dca9..aa56f531cf1e 100644 > >>--- a/include/linux/module.h > >>+++ b/include/linux/module.h > >>@@ -25,9 +25,6 @@ > >> #include > >> #include > >> > >>-/* In stripped ARM and x86-64 modules, ~ is surprisingly rare. */ > >>-#define MODULE_SIG_STRING "~Module signature appended~\n" > >>- > > > > Hi Thiago, apologies for the delay. > > Hello Jessica, thanks for reviewing the patch! > > > It looks like arch/s390/kernel/machine_kexec_file.c also relies on > > MODULE_SIG_STRING being defined, so module_signature.h will need to be > > included there too, otherwise we'll run into a compilation error. > > Indeed. Thanks for spotting that. The patch below fixes it. It's > identical to the previous version except for the changes in > arch/s390/kernel/machine_kexec_file.c and their description in the > commit message. I'm also copying some s390 people in this email. to me the s390 part looks good but for one minor nit. In arch/s390/Kconfig KEXEC_VERIFY_SIG currently depends on SYSTEM_DATA_VERIFICATION. I'd prefer when you update this to the new MODULE_SIG_FORMAT. It shouldn't make any difference right now, as we don't use mod_check_sig in our code path. But it could cause problems in the future, when more code might be shared. Thanks Philipp > > Other than that, the module-related changes look good to me: > > > > Acked-by: Jessica Yu > > Thank you very much! >
Re: [PATCH v12 01/11] MODSIGN: Export module signature definitions
Jessica Yu writes:
> +++ Thiago Jung Bauermann [27/06/19 23:19 -0300]:
>>IMA will use the module_signature format for append signatures, so export
>>the relevant definitions and factor out the code which verifies that the
>>appended signature trailer is valid.
>>
>>Also, create a CONFIG_MODULE_SIG_FORMAT option so that IMA can select it
>>and be able to use mod_check_sig() without having to depend on either
>>CONFIG_MODULE_SIG or CONFIG_MODULES.
>>
>>Signed-off-by: Thiago Jung Bauermann
>>Reviewed-by: Mimi Zohar
>>Cc: Jessica Yu
>>---
>> include/linux/module.h | 3 --
>> include/linux/module_signature.h | 44 +
>> init/Kconfig | 6 +++-
>> kernel/Makefile | 1 +
>> kernel/module.c | 1 +
>> kernel/module_signature.c| 46 ++
>> kernel/module_signing.c | 56 +---
>> scripts/Makefile | 2 +-
>> 8 files changed, 106 insertions(+), 53 deletions(-)
>>
>>diff --git a/include/linux/module.h b/include/linux/module.h
>>index 188998d3dca9..aa56f531cf1e 100644
>>--- a/include/linux/module.h
>>+++ b/include/linux/module.h
>>@@ -25,9 +25,6 @@
>> #include
>> #include
>>
>>-/* In stripped ARM and x86-64 modules, ~ is surprisingly rare. */
>>-#define MODULE_SIG_STRING "~Module signature appended~\n"
>>-
>
> Hi Thiago, apologies for the delay.
Hello Jessica, thanks for reviewing the patch!
> It looks like arch/s390/kernel/machine_kexec_file.c also relies on
> MODULE_SIG_STRING being defined, so module_signature.h will need to be
> included there too, otherwise we'll run into a compilation error.
Indeed. Thanks for spotting that. The patch below fixes it. It's
identical to the previous version except for the changes in
arch/s390/kernel/machine_kexec_file.c and their description in the
commit message. I'm also copying some s390 people in this email.
> Other than that, the module-related changes look good to me:
>
> Acked-by: Jessica Yu
Thank you very much!
--
Thiago Jung Bauermann
IBM Linux Technology Center
>From 0ca180c66f4cff8b1fcd51f3457cc06dac2f0e81 Mon Sep 17 00:00:00 2001
From: Thiago Jung Bauermann
Date: Thu, 17 May 2018 21:46:12 -0300
Subject: [PATCH 1/1] MODSIGN: Export module signature definitions
IMA will use the module_signature format for append signatures, so export
the relevant definitions and factor out the code which verifies that the
appended signature trailer is valid.
Also, create a CONFIG_MODULE_SIG_FORMAT option so that IMA can select it
and be able to use mod_check_sig() without having to depend on either
CONFIG_MODULE_SIG or CONFIG_MODULES.
s390 duplicated the definition of struct module_signature so now they can
use the new header instead.
Signed-off-by: Thiago Jung Bauermann
Reviewed-by: Mimi Zohar
Acked-by: Jessica Yu
Cc: Heiko Carstens
Cc: Philipp Rudo
---
arch/s390/kernel/machine_kexec_file.c | 24 +---
include/linux/module.h| 3 --
include/linux/module_signature.h | 44 +
init/Kconfig | 6 ++-
kernel/Makefile | 1 +
kernel/module.c | 1 +
kernel/module_signature.c | 46 ++
kernel/module_signing.c | 56 ---
scripts/Makefile | 2 +-
9 files changed, 107 insertions(+), 76 deletions(-)
create mode 100644 include/linux/module_signature.h
create mode 100644 kernel/module_signature.c
diff --git a/arch/s390/kernel/machine_kexec_file.c
b/arch/s390/kernel/machine_kexec_file.c
index fbdd3ea73667..1ac9fbc6e01e 100644
--- a/arch/s390/kernel/machine_kexec_file.c
+++ b/arch/s390/kernel/machine_kexec_file.c
@@ -10,7 +10,7 @@
#include
#include
#include
-#include
+#include
#include
#include
#include
@@ -23,28 +23,6 @@ const struct kexec_file_ops * const kexec_file_loaders[] = {
};
#ifdef CONFIG_KEXEC_VERIFY_SIG
-/*
- * Module signature information block.
- *
- * The constituents of the signature section are, in order:
- *
- * - Signer's name
- * - Key identifier
- * - Signature data
- * - Information block
- */
-struct module_signature {
- u8 algo; /* Public-key crypto algorithm [0] */
- u8 hash; /* Digest algorithm [0] */
- u8 id_type;/* Key identifier type [PKEY_ID_PKCS7] */
- u8 signer_len; /* Length of signer's name [0] */
- u8 key_id_len; /* Length of key identifier [0] */
- u8 __pad[3];
- __be32 sig_len;/* Length of signature data */
-};
-
-#define PKEY_ID_PKCS7 2
-
int s390_verify_sig(const char *kernel, unsigned long kernel_len)
{
const unsigned long marker_len = sizeof(MODULE_SIG_STRING) - 1;
diff --git a/include/linux/module.h b/include/linux/module.h
index 188998d3dca9..aa56f531cf1e 100644
--- a/include/linux/module.h
+++ b/include/
Re: [PATCH v12 01/11] MODSIGN: Export module signature definitions
+++ Thiago Jung Bauermann [27/06/19 23:19 -0300]:
IMA will use the module_signature format for append signatures, so export
the relevant definitions and factor out the code which verifies that the
appended signature trailer is valid.
Also, create a CONFIG_MODULE_SIG_FORMAT option so that IMA can select it
and be able to use mod_check_sig() without having to depend on either
CONFIG_MODULE_SIG or CONFIG_MODULES.
Signed-off-by: Thiago Jung Bauermann
Reviewed-by: Mimi Zohar
Cc: Jessica Yu
---
include/linux/module.h | 3 --
include/linux/module_signature.h | 44 +
init/Kconfig | 6 +++-
kernel/Makefile | 1 +
kernel/module.c | 1 +
kernel/module_signature.c| 46 ++
kernel/module_signing.c | 56 +---
scripts/Makefile | 2 +-
8 files changed, 106 insertions(+), 53 deletions(-)
diff --git a/include/linux/module.h b/include/linux/module.h
index 188998d3dca9..aa56f531cf1e 100644
--- a/include/linux/module.h
+++ b/include/linux/module.h
@@ -25,9 +25,6 @@
#include
#include
-/* In stripped ARM and x86-64 modules, ~ is surprisingly rare. */
-#define MODULE_SIG_STRING "~Module signature appended~\n"
-
Hi Thiago, apologies for the delay.
It looks like arch/s390/kernel/machine_kexec_file.c also relies on
MODULE_SIG_STRING being defined, so module_signature.h will need to be
included there too, otherwise we'll run into a compilation error.
Other than that, the module-related changes look good to me:
Acked-by: Jessica Yu
Thanks!
Jessica
/* Not Yet Implemented */
#define MODULE_SUPPORTED_DEVICE(name)
diff --git a/include/linux/module_signature.h b/include/linux/module_signature.h
new file mode 100644
index ..523617fc5b6a
--- /dev/null
+++ b/include/linux/module_signature.h
@@ -0,0 +1,44 @@
+/* SPDX-License-Identifier: GPL-2.0+ */
+/*
+ * Module signature handling.
+ *
+ * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
+ * Written by David Howells (dhowe...@redhat.com)
+ */
+
+#ifndef _LINUX_MODULE_SIGNATURE_H
+#define _LINUX_MODULE_SIGNATURE_H
+
+/* In stripped ARM and x86-64 modules, ~ is surprisingly rare. */
+#define MODULE_SIG_STRING "~Module signature appended~\n"
+
+enum pkey_id_type {
+ PKEY_ID_PGP,/* OpenPGP generated key ID */
+ PKEY_ID_X509, /* X.509 arbitrary subjectKeyIdentifier */
+ PKEY_ID_PKCS7, /* Signature in PKCS#7 message */
+};
+
+/*
+ * Module signature information block.
+ *
+ * The constituents of the signature section are, in order:
+ *
+ * - Signer's name
+ * - Key identifier
+ * - Signature data
+ * - Information block
+ */
+struct module_signature {
+ u8 algo; /* Public-key crypto algorithm [0] */
+ u8 hash; /* Digest algorithm [0] */
+ u8 id_type;/* Key identifier type [PKEY_ID_PKCS7] */
+ u8 signer_len; /* Length of signer's name [0] */
+ u8 key_id_len; /* Length of key identifier [0] */
+ u8 __pad[3];
+ __be32 sig_len;/* Length of signature data */
+};
+
+int mod_check_sig(const struct module_signature *ms, size_t file_len,
+ const char *name);
+
+#endif /* _LINUX_MODULE_SIGNATURE_H */
diff --git a/init/Kconfig b/init/Kconfig
index 8b9ffe236e4f..c2286a3c74c5 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -1852,6 +1852,10 @@ config BASE_SMALL
default 0 if BASE_FULL
default 1 if !BASE_FULL
+config MODULE_SIG_FORMAT
+ def_bool n
+ select SYSTEM_DATA_VERIFICATION
+
menuconfig MODULES
bool "Enable loadable module support"
option modules
@@ -1929,7 +1933,7 @@ config MODULE_SRCVERSION_ALL
config MODULE_SIG
bool "Module signature verification"
depends on MODULES
- select SYSTEM_DATA_VERIFICATION
+ select MODULE_SIG_FORMAT
help
Check modules for valid signatures upon load: the signature
is simply appended to the module. For more information see
diff --git a/kernel/Makefile b/kernel/Makefile
index 33824f0385b3..f29ae2997a43 100644
--- a/kernel/Makefile
+++ b/kernel/Makefile
@@ -58,6 +58,7 @@ endif
obj-$(CONFIG_UID16) += uid16.o
obj-$(CONFIG_MODULES) += module.o
obj-$(CONFIG_MODULE_SIG) += module_signing.o
+obj-$(CONFIG_MODULE_SIG_FORMAT) += module_signature.o
obj-$(CONFIG_KALLSYMS) += kallsyms.o
obj-$(CONFIG_BSD_PROCESS_ACCT) += acct.o
obj-$(CONFIG_CRASH_CORE) += crash_core.o
diff --git a/kernel/module.c b/kernel/module.c
index 6e6712b3aaf5..2712f4d217f5 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -19,6 +19,7 @@
#include
#include
#include
+#include
#include
#include
#include
diff --git a/kernel/module_signature.c b/kernel/module_signature.c
new file mode 100644
index ..4224a1086b7d
--- /dev/null
+++ b/kernel/module_signature.c
@@ -0,0 +1,46 @@
+// SPDX-License-Identifier: GPL-
[PATCH v12 01/11] MODSIGN: Export module signature definitions
IMA will use the module_signature format for append signatures, so export
the relevant definitions and factor out the code which verifies that the
appended signature trailer is valid.
Also, create a CONFIG_MODULE_SIG_FORMAT option so that IMA can select it
and be able to use mod_check_sig() without having to depend on either
CONFIG_MODULE_SIG or CONFIG_MODULES.
Signed-off-by: Thiago Jung Bauermann
Reviewed-by: Mimi Zohar
Cc: Jessica Yu
---
include/linux/module.h | 3 --
include/linux/module_signature.h | 44 +
init/Kconfig | 6 +++-
kernel/Makefile | 1 +
kernel/module.c | 1 +
kernel/module_signature.c| 46 ++
kernel/module_signing.c | 56 +---
scripts/Makefile | 2 +-
8 files changed, 106 insertions(+), 53 deletions(-)
diff --git a/include/linux/module.h b/include/linux/module.h
index 188998d3dca9..aa56f531cf1e 100644
--- a/include/linux/module.h
+++ b/include/linux/module.h
@@ -25,9 +25,6 @@
#include
#include
-/* In stripped ARM and x86-64 modules, ~ is surprisingly rare. */
-#define MODULE_SIG_STRING "~Module signature appended~\n"
-
/* Not Yet Implemented */
#define MODULE_SUPPORTED_DEVICE(name)
diff --git a/include/linux/module_signature.h b/include/linux/module_signature.h
new file mode 100644
index ..523617fc5b6a
--- /dev/null
+++ b/include/linux/module_signature.h
@@ -0,0 +1,44 @@
+/* SPDX-License-Identifier: GPL-2.0+ */
+/*
+ * Module signature handling.
+ *
+ * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
+ * Written by David Howells (dhowe...@redhat.com)
+ */
+
+#ifndef _LINUX_MODULE_SIGNATURE_H
+#define _LINUX_MODULE_SIGNATURE_H
+
+/* In stripped ARM and x86-64 modules, ~ is surprisingly rare. */
+#define MODULE_SIG_STRING "~Module signature appended~\n"
+
+enum pkey_id_type {
+ PKEY_ID_PGP,/* OpenPGP generated key ID */
+ PKEY_ID_X509, /* X.509 arbitrary subjectKeyIdentifier */
+ PKEY_ID_PKCS7, /* Signature in PKCS#7 message */
+};
+
+/*
+ * Module signature information block.
+ *
+ * The constituents of the signature section are, in order:
+ *
+ * - Signer's name
+ * - Key identifier
+ * - Signature data
+ * - Information block
+ */
+struct module_signature {
+ u8 algo; /* Public-key crypto algorithm [0] */
+ u8 hash; /* Digest algorithm [0] */
+ u8 id_type;/* Key identifier type [PKEY_ID_PKCS7] */
+ u8 signer_len; /* Length of signer's name [0] */
+ u8 key_id_len; /* Length of key identifier [0] */
+ u8 __pad[3];
+ __be32 sig_len;/* Length of signature data */
+};
+
+int mod_check_sig(const struct module_signature *ms, size_t file_len,
+ const char *name);
+
+#endif /* _LINUX_MODULE_SIGNATURE_H */
diff --git a/init/Kconfig b/init/Kconfig
index 8b9ffe236e4f..c2286a3c74c5 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -1852,6 +1852,10 @@ config BASE_SMALL
default 0 if BASE_FULL
default 1 if !BASE_FULL
+config MODULE_SIG_FORMAT
+ def_bool n
+ select SYSTEM_DATA_VERIFICATION
+
menuconfig MODULES
bool "Enable loadable module support"
option modules
@@ -1929,7 +1933,7 @@ config MODULE_SRCVERSION_ALL
config MODULE_SIG
bool "Module signature verification"
depends on MODULES
- select SYSTEM_DATA_VERIFICATION
+ select MODULE_SIG_FORMAT
help
Check modules for valid signatures upon load: the signature
is simply appended to the module. For more information see
diff --git a/kernel/Makefile b/kernel/Makefile
index 33824f0385b3..f29ae2997a43 100644
--- a/kernel/Makefile
+++ b/kernel/Makefile
@@ -58,6 +58,7 @@ endif
obj-$(CONFIG_UID16) += uid16.o
obj-$(CONFIG_MODULES) += module.o
obj-$(CONFIG_MODULE_SIG) += module_signing.o
+obj-$(CONFIG_MODULE_SIG_FORMAT) += module_signature.o
obj-$(CONFIG_KALLSYMS) += kallsyms.o
obj-$(CONFIG_BSD_PROCESS_ACCT) += acct.o
obj-$(CONFIG_CRASH_CORE) += crash_core.o
diff --git a/kernel/module.c b/kernel/module.c
index 6e6712b3aaf5..2712f4d217f5 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -19,6 +19,7 @@
#include
#include
#include
+#include
#include
#include
#include
diff --git a/kernel/module_signature.c b/kernel/module_signature.c
new file mode 100644
index ..4224a1086b7d
--- /dev/null
+++ b/kernel/module_signature.c
@@ -0,0 +1,46 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * Module signature checker
+ *
+ * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
+ * Written by David Howells (dhowe...@redhat.com)
+ */
+
+#include
+#include
+#include
+#include
+
+/**
+ * mod_check_sig - check that the given signature is sane
+ *
+ * @ms:Signature to check.
+ * @file_len: Size of the file to which @ms is appen
