From: zohar@linux.vnet.ibm.com (Mimi Zohar)
To: linux-security-module@vger.kernel.org
Subject: [RFC PATCH v2] fw_lockdown: new micro LSM module to prevent loading unsigned firmware
Date: Thu, 23 Nov 2017 06:55:36 -0500 [thread overview]
Message-ID: <1511438136.30063.52.camel@linux.vnet.ibm.com> (raw)
In-Reply-To: <20171122185837.GG729@wotan.suse.de>
On Wed, 2017-11-22 at 19:58 +0100, Luis R. Rodriguez wrote:
> I've frankly have grown tired of pushing firmware signing just for the sake of
> the fact that I needed it for cfg80211, but now that its out of the way and
> we open coded it, its no longer a requirement on my part.
As the keys CFG80211_REQUIRE_SIGNED_REGDB are built into the kernel
image, they would be included in the kernel image signature.
As I previously asked?https://lkml.org/lkml/2017/11/15/679, how are
the keys located in the CFG80211_EXTRA_REGDB_KEYDIR keyring trusted?
?The keyring does not validate the certificate signatures, before
loading the keys on the firmware keyring. ?It explicitly bypasses the
certificate signature validation.
Mimi
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
WARNING: multiple messages have this Message-ID (diff)
From: Mimi Zohar <zohar@linux.vnet.ibm.com>
To: "Luis R. Rodriguez" <mcgrof@kernel.org>
Cc: Matthew Garrett <mjg59@google.com>,
David Howells <dhowells@redhat.com>,
One Thousand Gnomes <gnomes@lxorguk.ukuu.org.uk>,
Marcus Meissner <meissner@suse.de>, Joey Lee <jlee@suse.com>,
Jeff Mahoney <jeffm@suse.com>, Jiri Kosina <jikos@kernel.org>,
Linus Torvalds <torvalds@linux-foundation.org>,
"AKASHI, Takahiro" <takahiro.akashi@linaro.org>,
Johannes Berg <johannes@sipsolutions.net>,
James Bottomley <James.Bottomley@hansenpartnership.com>,
Kees Cook <keescook@chromium.org>,
Stephen Boyd <stephen.boyd@linaro.org>,
Vikram Mulukutla <markivx@codeaurora.org>,
linux-kernel@vger.kernel.org,
linux-security-module <linux-security-module@vger.kernel.org>,
James Morris <jmorris@namei.org>
Subject: Re: [RFC PATCH v2] fw_lockdown: new micro LSM module to prevent loading unsigned firmware
Date: Thu, 23 Nov 2017 06:55:36 -0500 [thread overview]
Message-ID: <1511438136.30063.52.camel@linux.vnet.ibm.com> (raw)
In-Reply-To: <20171122185837.GG729@wotan.suse.de>
On Wed, 2017-11-22 at 19:58 +0100, Luis R. Rodriguez wrote:
> I've frankly have grown tired of pushing firmware signing just for the sake of
> the fact that I needed it for cfg80211, but now that its out of the way and
> we open coded it, its no longer a requirement on my part.
As the keys CFG80211_REQUIRE_SIGNED_REGDB are built into the kernel
image, they would be included in the kernel image signature.
As I previously asked https://lkml.org/lkml/2017/11/15/679, how are
the keys located in the CFG80211_EXTRA_REGDB_KEYDIR keyring trusted?
The keyring does not validate the certificate signatures, before
loading the keys on the firmware keyring. It explicitly bypasses the
certificate signature validation.
Mimi
next prev parent reply other threads:[~2017-11-23 11:55 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-11-13 11:43 [RFC PATCH v2] fw_lockdown: new micro LSM module to prevent loading unsigned firmware Mimi Zohar
2017-11-13 19:05 ` Luis R. Rodriguez
2017-11-13 19:36 ` Mimi Zohar
2017-11-13 19:36 ` Mimi Zohar
2017-11-13 19:51 ` Luis R. Rodriguez
2017-11-13 19:51 ` Luis R. Rodriguez
2017-11-13 19:51 ` Luis R. Rodriguez
2017-11-13 20:11 ` Mimi Zohar
2017-11-13 20:11 ` Mimi Zohar
2017-11-13 20:18 ` Luis R. Rodriguez
2017-11-13 20:18 ` Luis R. Rodriguez
2017-11-13 20:18 ` Luis R. Rodriguez
2017-11-13 20:58 ` James Morris
2017-11-13 23:55 ` Luis R. Rodriguez
[not found] ` <1511220268.4729.134.camel@linux.vnet.ibm.com>
2017-11-22 18:58 ` [Fwd: [RFC PATCH v2] fw_lockdown: new micro LSM module to prevent loading unsigned firmware] Luis R. Rodriguez
2017-11-23 11:55 ` Mimi Zohar [this message]
2017-11-23 11:55 ` [RFC PATCH v2] fw_lockdown: new micro LSM module to prevent loading unsigned firmware Mimi Zohar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1511438136.30063.52.camel@linux.vnet.ibm.com \
--to=zohar@linux.vnet.ibm.com \
--cc=linux-security-module@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.