Re: [PATCH 0/3] ELF executable signing and verification

2013-01-21 Thread Rusty Russell
Vivek Goyal writes: > Hi, > > This is a very crude RFC for ELF executable signing and verification. This > has been done along the lines of module signature verification. Yes, but I'm the first to admit that's the wrong lines. The reasons we didn't choose that for module signatures: 1) I was una

Re: [PATCH 0/3] ELF executable signing and verification

2013-01-17 Thread Vivek Goyal
On Thu, Jan 17, 2013 at 06:22:47PM +0200, Kasatkin, Dmitry wrote: [..] > > Currently it is expected to use these patches only for statically linked > > executables. No dynamic linking. In fact patches specifically disable > > calling interpreter. This does not prevent against somebody using dlopen

Re: [PATCH 0/3] ELF executable signing and verification

2013-01-17 Thread Kasatkin, Dmitry
On Tue, Jan 15, 2013 at 11:34 PM, Vivek Goyal wrote: > Hi, > > This is a very crude RFC for ELF executable signing and verification. This > has been done along the lines of module signature verification. > > Why do we need it > = > With arrival of secureboot, sys_kexec() is deemed

Re: [PATCH 0/3] ELF executable signing and verification

2013-01-15 Thread richard -rw- weinberger
On Wed, Jan 16, 2013 at 12:15 AM, Vivek Goyal wrote: > On Tue, Jan 15, 2013 at 11:27:12PM +0100, richard -rw- weinberger wrote: >> On Tue, Jan 15, 2013 at 10:34 PM, Vivek Goyal wrote: >> > Upon exec(), we determine if executable is signed. If it is, then locks >> > down the pages in memory (using

Re: [PATCH 0/3] ELF executable signing and verification

2013-01-15 Thread Vivek Goyal
On Tue, Jan 15, 2013 at 11:27:12PM +0100, richard -rw- weinberger wrote: > On Tue, Jan 15, 2013 at 10:34 PM, Vivek Goyal wrote: > > Upon exec(), we determine if executable is signed. If it is, then locks > > down the pages in memory (using MAP_LOCKED) and verifies the signature. > > If signature do

Re: [PATCH 0/3] ELF executable signing and verification

2013-01-15 Thread richard -rw- weinberger
On Tue, Jan 15, 2013 at 10:34 PM, Vivek Goyal wrote: > Upon exec(), we determine if executable is signed. If it is, then locks > down the pages in memory (using MAP_LOCKED) and verifies the signature. > If signature does not match, process is killed. Unsigned processes > don't get affected at all.

[PATCH 0/3] ELF executable signing and verification

2013-01-15 Thread Vivek Goyal
Hi, This is a very crude RFC for ELF executable signing and verification. This has been done along the lines of module signature verification. Why do we need it = With arrival of secureboot, sys_kexec() is deemed dangerous. One can effectively bypass the secureboot feature and run