On Thu, Sep 03, 2015 at 02:14:18PM -0700, Kees Cook wrote:
> [removed bounced email addresses]
>
> On Wed, Sep 2, 2015 at 2:37 PM, Luis R. Rodriguez wrote:
> > On Wed, Sep 02, 2015 at 01:54:43PM -0700, Kees Cook wrote:
> >> On Wed, Sep 2, 2015 at 11:46 AM, Luis R. Rodriguez
[removed bounced email addresses]
On Wed, Sep 2, 2015 at 2:37 PM, Luis R. Rodriguez wrote:
> On Wed, Sep 02, 2015 at 01:54:43PM -0700, Kees Cook wrote:
>> On Wed, Sep 2, 2015 at 11:46 AM, Luis R. Rodriguez wrote:
>> > On Tue, Sep 01, 2015 at 11:35:05PM -0400,
On Tue, Sep 1, 2015 at 8:44 PM, Mimi Zohar wrote:
> On Tue, 2015-09-01 at 20:08 -0700, Kees Cook wrote:
>> On Tue, Sep 1, 2015 at 4:43 PM, Luis R. Rodriguez wrote:
>> > On Mon, Aug 31, 2015 at 10:18:55AM -0400, Mimi Zohar wrote:
>> >> > > eBPF/seccomp
On Wed, 2015-09-02 at 08:28 -0700, Kees Cook wrote:
> On Tue, Sep 1, 2015 at 8:44 PM, Mimi Zohar wrote:
> > On Tue, 2015-09-01 at 20:08 -0700, Kees Cook wrote:
> >> On Tue, Sep 1, 2015 at 4:43 PM, Luis R. Rodriguez wrote:
> >> > On Mon, Aug 31, 2015 at
On 2015-09-02 12:45, Mimi Zohar wrote:
On Wed, 2015-09-02 at 08:28 -0700, Kees Cook wrote:
On Tue, Sep 1, 2015 at 8:44 PM, Mimi Zohar wrote:
On Tue, 2015-09-01 at 20:08 -0700, Kees Cook wrote:
On Tue, Sep 1, 2015 at 4:43 PM, Luis R. Rodriguez
On Tue, Sep 01, 2015 at 11:35:05PM -0400, Mimi Zohar wrote:
> > OK great, I think that instead of passing the actual routine name we should
> > instead pass an enum type for to the LSM, that'd be easier to parse and we'd
> > then have each case well documented. Each LSM then could add its own
> >
On Wed, Sep 02, 2015 at 07:54:13PM -0400, Mimi Zohar wrote:
> On Wed, 2015-09-02 at 01:43 +0200, Luis R. Rodriguez wrote:
> > On Mon, Aug 31, 2015 at 10:18:55AM -0400, Mimi Zohar wrote:
> > > On Sat, 2015-08-29 at 04:16 +0200, Luis R. Rodriguez wrote:
> > > > On Thu, Aug 27, 2015 at 07:54:33PM
On Wed, 2015-09-02 at 01:43 +0200, Luis R. Rodriguez wrote:
> On Mon, Aug 31, 2015 at 10:18:55AM -0400, Mimi Zohar wrote:
> > On Sat, 2015-08-29 at 04:16 +0200, Luis R. Rodriguez wrote:
> > > On Thu, Aug 27, 2015 at 07:54:33PM -0400, Mimi Zohar wrote:
> > > > On Thu, 2015-08-27 at 23:29 +0200,
On Wed, 2015-09-02 at 20:46 +0200, Luis R. Rodriguez wrote:
> On Tue, Sep 01, 2015 at 11:35:05PM -0400, Mimi Zohar wrote:
> > > OK great, I think that instead of passing the actual routine name we
> > > should
> > > instead pass an enum type for to the LSM, that'd be easier to parse and
> > >
On Wed, Sep 02, 2015 at 08:05:36PM -0400, Mimi Zohar wrote:
> On Wed, 2015-09-02 at 20:46 +0200, Luis R. Rodriguez wrote:
> > On Tue, Sep 01, 2015 at 11:35:05PM -0400, Mimi Zohar wrote:
> > > > OK great, I think that instead of passing the actual routine name we
> > > > should
> > > > instead
On Thu, 2015-09-03 at 02:29 +0200, Luis R. Rodriguez wrote:
> On Wed, Sep 02, 2015 at 08:05:36PM -0400, Mimi Zohar wrote:
> > On Wed, 2015-09-02 at 20:46 +0200, Luis R. Rodriguez wrote:
> > > On Tue, Sep 01, 2015 at 11:35:05PM -0400, Mimi Zohar wrote:
> > > We want something that is not only
On Wed, Sep 2, 2015 at 11:46 AM, Luis R. Rodriguez wrote:
> On Tue, Sep 01, 2015 at 11:35:05PM -0400, Mimi Zohar wrote:
>> > OK great, I think that instead of passing the actual routine name we should
>> > instead pass an enum type for to the LSM, that'd be easier to parse and
On Wed, Sep 02, 2015 at 01:54:43PM -0700, Kees Cook wrote:
> On Wed, Sep 2, 2015 at 11:46 AM, Luis R. Rodriguez wrote:
> > On Tue, Sep 01, 2015 at 11:35:05PM -0400, Mimi Zohar wrote:
> >> > OK great, I think that instead of passing the actual routine name we
> >> > should
> >> >
On Mon, Aug 31, 2015 at 10:18:55AM -0400, Mimi Zohar wrote:
> On Sat, 2015-08-29 at 04:16 +0200, Luis R. Rodriguez wrote:
> > On Thu, Aug 27, 2015 at 07:54:33PM -0400, Mimi Zohar wrote:
> > > On Thu, 2015-08-27 at 23:29 +0200, Luis R. Rodriguez wrote:
> > > > On Thu, Aug 27, 2015 at 10:57:23AM
On Tue, Sep 1, 2015 at 4:43 PM, Luis R. Rodriguez wrote:
> On Mon, Aug 31, 2015 at 10:18:55AM -0400, Mimi Zohar wrote:
>> > > eBPF/seccomp
>
> OK I knew nothing about this but I just looked into it, here are my notes:
>
> * old BPF - how far do we want to go? This goes so far
On Mon, Aug 31, 2015 at 12:45:36PM -0400, Mimi Zohar wrote:
> On Mon, 2015-08-31 at 17:05 +0100, David Woodhouse wrote:
> > On Mon, 2015-08-31 at 10:18 -0400, Mimi Zohar wrote:
> > > I'm not real happy about it, but since we can't break the existing ABI
> > > of loading data into the kernel via a
On Tue, Sep 01, 2015 at 01:20:37PM -0700, Kees Cook wrote:
> On Thu, Aug 27, 2015 at 2:29 PM, Luis R. Rodriguez wrote:
> > On Thu, Aug 27, 2015 at 10:57:23AM -, David Woodhouse wrote:
> > Right so now that firmware usermode helper is behind us (systemd ripped it)
> > we
> >
er.kernel.org; Andy Lutomirski;
> linux-
> security-mod...@vger.kernel.org; Greg Kroah-Hartman; Vitaly Kuznetsov; David
> Woodhouse
> Subject: Re: Linux Firmware Signing
>
> Paul Moore wrote:
>
> >
> > Yes, there are lots of way we could solve the signed policy format
...@vger.kernel.org; Greg Kroah-Hartman; Vitaly Kuznetsov; David
Woodhouse
Subject: Re: Linux Firmware Signing
Paul Moore wrote:
Yes, there are lots of way we could solve the signed policy format
issue, I just don't have one in mind at this moment. Also, to be
honest, there are enough limitations
On Mon, 2015-08-31 at 22:52 -0400, Paul Moore wrote:
> On Fri, Aug 28, 2015 at 10:03 PM, Luis R. Rodriguez
> wrote:
> > On Fri, Aug 28, 2015 at 06:26:05PM -0400, Paul Moore wrote:
> > > On Fri, Aug 28, 2015 at 7:20 AM, Roberts, William C
> > > wrote:
On Thu, Aug 27, 2015 at 2:29 PM, Luis R. Rodriguez wrote:
> On Thu, Aug 27, 2015 at 10:57:23AM -, David Woodhouse wrote:
>> In conversation with Mimi last week she was very keen on the model where
>> we load modules & firmware in such a fashion that the kernel has access to
On Tue, 2015-09-01 at 20:08 -0700, Kees Cook wrote:
> On Tue, Sep 1, 2015 at 4:43 PM, Luis R. Rodriguez wrote:
> > On Mon, Aug 31, 2015 at 10:18:55AM -0400, Mimi Zohar wrote:
> >> > > eBPF/seccomp
> >
> > OK I knew nothing about this but I just looked into it, here are my notes:
On Wed, 2015-09-02 at 02:09 +0200, Luis R. Rodriguez wrote:
> On Tue, Sep 01, 2015 at 01:20:37PM -0700, Kees Cook wrote:
> > On Thu, Aug 27, 2015 at 2:29 PM, Luis R. Rodriguez wrote:
> > As long as the LSM know what kind of file it's loading, and has access
> > to the fd (and for
Paul Moore wrote:
Yes, there are lots of way we could solve the signed policy format
issue, I just don't have one in mind at this moment. Also, to be
honest, there are enough limitations to signing SELinux policies that
this isn't very high onmy personal SELinux priority list.
The fact
On Fri, Aug 28, 2015 at 10:03 PM, Luis R. Rodriguez wrote:
> On Fri, Aug 28, 2015 at 06:26:05PM -0400, Paul Moore wrote:
>> On Fri, Aug 28, 2015 at 7:20 AM, Roberts, William C
>> wrote:
>> > Even triggered updates make sense, since you can at least
On Mon, 2015-08-31 at 10:18 -0400, Mimi Zohar wrote:
> I'm not real happy about it, but since we can't break the existing ABI
> of loading data into the kernel via a buffer, a stop gap method of
> signing and verifying a buffer would be needed.
Actually I think we can. The usermode helper is
On Mon, 2015-08-31 at 17:05 +0100, David Woodhouse wrote:
> On Mon, 2015-08-31 at 10:18 -0400, Mimi Zohar wrote:
> > I'm not real happy about it, but since we can't break the existing ABI
> > of loading data into the kernel via a buffer, a stop gap method of
> > signing and verifying a buffer
On Sat, 2015-08-29 at 04:16 +0200, Luis R. Rodriguez wrote:
> On Thu, Aug 27, 2015 at 07:54:33PM -0400, Mimi Zohar wrote:
> > On Thu, 2015-08-27 at 23:29 +0200, Luis R. Rodriguez wrote:
> > > On Thu, Aug 27, 2015 at 10:57:23AM -, David Woodhouse wrote:
> > > > > Luis R. Rodriguez
; Kyle McMartin; Seth Forshee; Matthew Garrett; Johannes
Berg
Subject: Re: Linux Firmware Signing
On Thu, Aug 27, 2015 at 5:29 PM, Luis R. Rodriguez mcg...@suse.com wrote:
On Thu, Aug 27, 2015 at 10:57:23AM -, David Woodhouse wrote:
SELinux uses: security_load_policy(data, len), refer
On Fri, Aug 28, 2015 at 06:26:05PM -0400, Paul Moore wrote:
On Fri, Aug 28, 2015 at 7:20 AM, Roberts, William C
william.c.robe...@intel.com wrote:
Even triggered updates make sense, since you can at least have some form of
trust
of where that binary policy came from.
It isn't always
On Thu, Aug 27, 2015 at 07:54:33PM -0400, Mimi Zohar wrote:
On Thu, 2015-08-27 at 23:29 +0200, Luis R. Rodriguez wrote:
On Thu, Aug 27, 2015 at 10:57:23AM -, David Woodhouse wrote:
Luis R. Rodriguez mcg...@suse.com wrote:
PKCS#7: Add an optional authenticated attribute to hold
On Fri, Aug 28, 2015 at 11:20:10AM +, Roberts, William C wrote:
-Original Message-
From: Paul Moore [mailto:p...@paul-moore.com]
While I question the usefulness of a SELinux policy signature in the
general case,
there are some situations where it might make sense, e.g.
; Greg Kroah-Hartman; Peter Jones; Takashi Iwai; Ming Lei;
Joey
Lee; Vojtěch Pavlík; Kyle McMartin; Seth Forshee; Matthew Garrett; Johannes
Berg
Subject: Re: Linux Firmware Signing
On Thu, Aug 27, 2015 at 5:29 PM, Luis R. Rodriguez mcg...@suse.com wrote:
On Thu, Aug 27, 2015 at 10:57:23AM
On Thu, Aug 27, 2015 at 11:38:58AM +0100, David Howells wrote:
Luis R. Rodriguez mcg...@suse.com wrote:
PKCS#7: Add an optional authenticated attribute to hold firmware name
On Wed, Aug 26, 2015 at 10:35:19PM -0400, Paul Moore wrote:
On Wed, Aug 26, 2015 at 7:26 PM, Luis R. Rodriguez mcg...@suse.com wrote:
On Wed, Aug 26, 2015 at 03:33:04PM +0100, David Howells wrote:
Now let's review the SELinux stuff before we jump back into firmware /
system
data stuff
On Thu, Aug 27, 2015 at 10:57:23AM -, David Woodhouse wrote:
Luis R. Rodriguez mcg...@suse.com wrote:
PKCS#7: Add an optional authenticated attribute to hold firmware name
On Thu, Aug 27, 2015 at 3:36 PM, Luis R. Rodriguez mcg...@suse.com wrote:
On Wed, Aug 26, 2015 at 10:35:19PM -0400, Paul Moore wrote:
On Wed, Aug 26, 2015 at 7:26 PM, Luis R. Rodriguez mcg...@suse.com wrote:
On Wed, Aug 26, 2015 at 03:33:04PM +0100, David Howells wrote:
Now let's review the
Luis R. Rodriguez mcg...@suse.com wrote:
PKCS#7: Add an optional authenticated attribute to hold firmware name
https://git.kernel.org/cgit/linux/kernel/git/dhowells/linux-fs.git/commit/?h=fwsign-pkcs7id=1448377a369993f864915743cfb34772e730213good
1.3.6.1.4.1.2312.16 Linux kernel
See http://www.infradead.org/rpr.html
Luis R. Rodriguez mcg...@suse.com wrote:
PKCS#7: Add an optional authenticated attribute to hold firmware name
https://git.kernel.org/cgit/linux/kernel/git/dhowells/linux-fs.git/commit/?h=fwsign-pkcs7id=1448377a369993f864915743cfb34772e730213good
On Thu, 2015-08-27 at 23:29 +0200, Luis R. Rodriguez wrote:
On Thu, Aug 27, 2015 at 10:57:23AM -, David Woodhouse wrote:
Luis R. Rodriguez mcg...@suse.com wrote:
PKCS#7: Add an optional authenticated attribute to hold firmware name
On Thu, Aug 27, 2015 at 5:29 PM, Luis R. Rodriguez mcg...@suse.com wrote:
On Thu, Aug 27, 2015 at 10:57:23AM -, David Woodhouse wrote:
SELinux uses: security_load_policy(data, len), refer to selinuxfs
sel_load_ops.
Since its write operation on its file_operation is sel_write_load() and
On Wed, Aug 26, 2015 at 03:33:04PM +0100, David Howells wrote:
Luis R. Rodriguez mcg...@suse.com wrote:
But note, we also have kexec_file_load() syscall and an arch specific
signature verification feature, arch_kexec_kernel_verify_sig().
Sad trombone, no LSM hook and only x86 supports
On Wed, Aug 26, 2015 at 7:26 PM, Luis R. Rodriguez mcg...@suse.com wrote:
On Wed, Aug 26, 2015 at 03:33:04PM +0100, David Howells wrote:
Now let's review the SELinux stuff before we jump back into firmware / system
data stuff again as there is a joint criteria to consider for all of these.
For
43 matches
Mail list logo