On Fri, 8 Mar 2019, Matthew Garrett wrote:
> On Fri, Mar 8, 2019 at 3:00 PM James Morris wrote:
> >
> > On Wed, 6 Mar 2019, Matthew Garrett wrote:
> >
> > > From: David Howells
> > >
> > > If the kernel is locked down, require that all modules have valid
> > > signatures that we can verify.
> >
On Fri, Mar 8, 2019 at 3:00 PM James Morris wrote:
>
> On Wed, 6 Mar 2019, Matthew Garrett wrote:
>
> > From: David Howells
> >
> > If the kernel is locked down, require that all modules have valid
> > signatures that we can verify.
>
> Perhaps note that this won't cover the case where folk are
On Wed, 6 Mar 2019, Matthew Garrett wrote:
> From: David Howells
>
> If the kernel is locked down, require that all modules have valid
> signatures that we can verify.
Perhaps note that this won't cover the case where folk are using DM-Verity
with a signed root hash for verifying kernel
From: David Howells
If the kernel is locked down, require that all modules have valid
signatures that we can verify.
I have adjusted the errors generated:
(1) If there's no signature (ENODATA) or we can't check it (ENOPKG,
ENOKEY), then:
(a) If signatures are enforced then
From: David Howells
If the kernel is locked down, require that all modules have valid
signatures that we can verify or that IMA can validate the file.
I have adjusted the errors generated:
(1) If there's no signature (ENODATA) or we can't check it (ENOPKG,
ENOKEY), then:
(a) If
On Thu, 2017-11-02 at 22:01 +, David Howells wrote:
> Mimi Zohar wrote:
>
> > Right, it would never get here if the IMA signature verification
> > fails. If sig_enforce is not enabled, then it will also work. So the
> > only case is if sig_enforced is enabled and
On Thu, 2017-11-02 at 22:01 +, David Howells wrote:
> Mimi Zohar wrote:
>
> > Right, it would never get here if the IMA signature verification
> > fails. If sig_enforce is not enabled, then it will also work. So the
> > only case is if sig_enforced is enabled and there is no key.
> >
> >
Mimi Zohar wrote:
> Right, it would never get here if the IMA signature verification
> fails. If sig_enforce is not enabled, then it will also work. So the
> only case is if sig_enforced is enabled and there is no key.
>
> eg.
> else if (can_do_ima_check &&
Mimi Zohar wrote:
> Right, it would never get here if the IMA signature verification
> fails. If sig_enforce is not enabled, then it will also work. So the
> only case is if sig_enforced is enabled and there is no key.
>
> eg.
> else if (can_do_ima_check && is_ima_appraise_enabled())
On Thu, 2017-11-02 at 21:30 +, David Howells wrote:
> Mimi Zohar wrote:
>
> > By this point, IMA-appraisal has already verified the kernel module
> > signature back in kernel_read_file_from_fd(), if it was required.
> > Having a key with which to verify the
On Thu, 2017-11-02 at 21:30 +, David Howells wrote:
> Mimi Zohar wrote:
>
> > By this point, IMA-appraisal has already verified the kernel module
> > signature back in kernel_read_file_from_fd(), if it was required.
> > Having a key with which to verify the appended signature or requiring
>
Mimi Zohar wrote:
> By this point, IMA-appraisal has already verified the kernel module
> signature back in kernel_read_file_from_fd(), if it was required.
> Having a key with which to verify the appended signature or requiring
> an appended signature, should not be
Mimi Zohar wrote:
> By this point, IMA-appraisal has already verified the kernel module
> signature back in kernel_read_file_from_fd(), if it was required.
> Having a key with which to verify the appended signature or requiring
> an appended signature, should not be required as well.
I guess I
On Thu, 2017-11-02 at 17:22 +, David Howells wrote:
> #ifdef CONFIG_MODULE_SIG
> -static int module_sig_check(struct load_info *info, int flags)
> +static int module_sig_check(struct load_info *info, int flags,
> + bool can_do_ima_check)
> {
> int err =
On Thu, 2017-11-02 at 17:22 +, David Howells wrote:
> #ifdef CONFIG_MODULE_SIG
> -static int module_sig_check(struct load_info *info, int flags)
> +static int module_sig_check(struct load_info *info, int flags,
> + bool can_do_ima_check)
> {
> int err =
Hi Mimi,
I've altered this patch to allow for IMA appraisal on finit_module(). See the
attached.
David
---
commit c0d5336356004e7543314e388755a00e725521da
Author: David Howells
Date: Wed May 24 14:56:01 2017 +0100
Enforce module signatures if the kernel is locked
Hi Mimi,
I've altered this patch to allow for IMA appraisal on finit_module(). See the
attached.
David
---
commit c0d5336356004e7543314e388755a00e725521da
Author: David Howells
Date: Wed May 24 14:56:01 2017 +0100
Enforce module signatures if the kernel is locked down
If the
[Corrected Matthew Garrett's email address. Cc'ed Bruno Meneguele]
On Mon, 2017-10-30 at 17:00 +, David Howells wrote:
> Mimi Zohar wrote:
>
> > This kernel_is_locked_down() check is being called for both the
> > original and new module_load syscalls. We need to
[Corrected Matthew Garrett's email address. Cc'ed Bruno Meneguele]
On Mon, 2017-10-30 at 17:00 +, David Howells wrote:
> Mimi Zohar wrote:
>
> > This kernel_is_locked_down() check is being called for both the
> > original and new module_load syscalls. We need to be able
> > differentiate
Mimi Zohar wrote:
> This kernel_is_locked_down() check is being called for both the
> original and new module_load syscalls. We need to be able
> differentiate them. This is fine for the original syscall, but for
> the new syscall we would need an additional IMA check
Mimi Zohar wrote:
> This kernel_is_locked_down() check is being called for both the
> original and new module_load syscalls. We need to be able
> differentiate them. This is fine for the original syscall, but for
> the new syscall we would need an additional IMA check -
>
On Thu, 2017-10-19 at 15:50 +0100, David Howells wrote:
> If the kernel is locked down, require that all modules have valid
> signatures that we can verify.
>
> Signed-off-by: David Howells
> ---
>
> kernel/module.c |3 ++-
> 1 file changed, 2 insertions(+), 1
On Thu, 2017-10-19 at 15:50 +0100, David Howells wrote:
> If the kernel is locked down, require that all modules have valid
> signatures that we can verify.
>
> Signed-off-by: David Howells
> ---
>
> kernel/module.c |3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git
On Thu, 19 Oct 2017, David Howells wrote:
> If the kernel is locked down, require that all modules have valid
> signatures that we can verify.
>
> Signed-off-by: David Howells
Reviewed-by: James Morris
--
James Morris
On Thu, 19 Oct 2017, David Howells wrote:
> If the kernel is locked down, require that all modules have valid
> signatures that we can verify.
>
> Signed-off-by: David Howells
Reviewed-by: James Morris
--
James Morris
Hi David,
Thanks for you send our this series.
On Thu, Oct 19, 2017 at 03:50:55PM +0100, David Howells wrote:
> If the kernel is locked down, require that all modules have valid
> signatures that we can verify.
>
> Signed-off-by: David Howells
I have reviewed and tested
Hi David,
Thanks for you send our this series.
On Thu, Oct 19, 2017 at 03:50:55PM +0100, David Howells wrote:
> If the kernel is locked down, require that all modules have valid
> signatures that we can verify.
>
> Signed-off-by: David Howells
I have reviewed and tested this patch. Please
If the kernel is locked down, require that all modules have valid
signatures that we can verify.
Signed-off-by: David Howells
---
kernel/module.c |3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/kernel/module.c b/kernel/module.c
index
If the kernel is locked down, require that all modules have valid
signatures that we can verify.
Signed-off-by: David Howells
---
kernel/module.c |3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/kernel/module.c b/kernel/module.c
index de66ec825992..3d9a3270c179 100644
29 matches
Mail list logo