From mboxrd@z Thu Jan 1 00:00:00 1970
From: Mimi Zohar
To: Robert Holmes <robeholmes@gmail.com>, jeyu@kernel.org, linux-kernel@vger.kernel.org
Cc: linux-integrity@vger.kernel.org, keyrings@vger.kernel.org, stable@vger.kernel.org
Subject: Re: [PATCH v2] KEYS: Make use of platform keyring for module signature verify
Date: Thu, 25 Apr 2019 11:55:50 +0000
Message-Id: <1556193350.3894.92.camel@linux.ibm.com>
In-Reply-To: <1556116431-7129-1-git-send-email-robeholmes@gmail.com>
References: <1556116431-7129-1-git-send-email-robeholmes@gmail.com>
X-Mailing-List: linux-integrity@vger.kernel.org

On Wed, 2019-04-24 at 14:33 +0000, Robert Holmes wrote:
> This patch completes commit 278311e417be ("kexec, KEYS: Make use of
> platform keyring for signature verify") which, while adding the
> platform keyring for bzImage verification, neglected to also add
> this keyring for module verification.
> 
> As such, kernel modules signed with keys from the MokList variable
> were not successfully verified.

Using the platform keyring keys for verifying kernel modules was not
neglected, but rather intentional.  This patch description should
clearly explain the reason for needing to verify kernel module
signatures based on the pre-boot keys.  (Hint: verifying kernel
modules based on the pre-boot keys was previously rejected.)

Mimi

> 
> Signed-off-by: Robert Holmes <robeholmes@gmail.com>
> Cc: linux-integrity@vger.kernel.org
> Cc: keyrings@vger.kernel.org
> Cc: stable@vger.kernel.org
> ---
>  kernel/module_signing.c | 16 ++++++++++++----
>  1 file changed, 12 insertions(+), 4 deletions(-)
> 
> diff --git a/kernel/module_signing.c b/kernel/module_signing.c
> index 6b9a926fd86b..cf94220e9154 100644
> --- a/kernel/module_signing.c
> +++ b/kernel/module_signing.c
> @@ -49,6 +49,7 @@ int mod_verify_sig(const void *mod, struct load_info *info)
>  {
>  	struct module_signature ms;
>  	size_t sig_len, modlen = info->len;
> +	int ret;
> 
>  	pr_devel("==>%s(,%zu)\n", __func__, modlen);
> 
> @@ -82,8 +83,15 @@ int mod_verify_sig(const void *mod, struct load_info *info)
>  		return -EBADMSG;
>  	}
> 
> -	return verify_pkcs7_signature(mod, modlen, mod + modlen, sig_len,
> -				      VERIFY_USE_SECONDARY_KEYRING,
> -				      VERIFYING_MODULE_SIGNATURE,
> -				      NULL, NULL);
> +	ret = verify_pkcs7_signature(mod, modlen, mod + modlen, sig_len,
> +				     VERIFY_USE_SECONDARY_KEYRING,
> +				     VERIFYING_MODULE_SIGNATURE,
> +				     NULL, NULL);
> +	if (ret == -ENOKEY && IS_ENABLED(CONFIG_INTEGRITY_PLATFORM_KEYRING)) {
> +		ret = verify_pkcs7_signature(mod, modlen, mod + modlen, sig_len,
> +					     VERIFY_USE_PLATFORM_KEYRING,
> +					     VERIFYING_MODULE_SIGNATURE,
> +					     NULL, NULL);
> +	}
> +	return ret;
>  }
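Review bot: the second hunk widens the set of keys that can authorise a module load to everything in the platform keyring, and neither the code nor the commit message says why that is acceptable for modules when, as the description itself notes, commit 278311e417be added that keyring for bzImage (kexec) verification only; the description should spell out the threat model for trusting the pre-boot (MokList) keys here, and a one-line comment above `if (ret == -ENOKEY && IS_ENABLED(CONFIG_INTEGRITY_PLATFORM_KEYRING)) {` should record that the retry is deliberately limited to the no-matching-key case, so that any other verification failure from the secondary keyring is returned unchanged rather than retried against a second keyring. Minor: the two verify_pkcs7_signature() calls differ only in the keyring argument, so a short loop over the two keyring ids, or a small helper, would avoid duplicating the four-line argument list.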