Re: MODSIGN without RTC? - Alexander Holler

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Alexander Holler <holler@ahsoftware.de>
To: Geert Uytterhoeven <geert@linux-m68k.org>
Cc: linux-kernel@vger.kernel.org,
	Herbert Xu <herbert@gondor.hengli.com.au>,
	David Miller <davem@davemloft.net>,
	Rusty Russell <rusty@rustcorp.com.au>,
	David Howells <dhowells@redhat.com>
Subject: Re: MODSIGN without RTC?
Date: Thu, 07 Feb 2013 11:54:32 +0100	[thread overview]
Message-ID: <511387E8.50908@ahsoftware.de> (raw)
In-Reply-To: <51135137.4010003@ahsoftware.de>

Am 07.02.2013 08:01, schrieb Alexander Holler:
> Am 07.02.2013 07:42, schrieb Geert Uytterhoeven:
>> On Thu, Feb 7, 2013 at 2:06 AM, Alexander Holler <holler@ahsoftware.de> wrote:
>>> Am 07.02.2013 00:42, schrieb Alexander Holler:
>>>> I wanted to try out MODSIGN with kernel 3.7.6 and I've just got hit by:
>>>>
>>>> [    1.346445] X.509: Cert 6a23533cec71c4c52a1618fb4d830e06aa90474e is
>>>> not yet valid
>>>>
>>>> The reason is likely that the (ARM) device in question doesn't have a
>>>> RTC (oh, that topic again ;) ) and gets it's time on boot through NTP.
>>>>
>>>> The used certificate was generated automatically. Having a look at it,
>>>> the following is shown:
>>>>
>>>>          Validity
>>>>               Not Before: Feb  6 02:56:46 2013 GMT
>>>>               Not After : Jan 13 02:56:46 2113 GMT
>>>>
>>>> Without having thought about possible security problems, my first idea
>>>> would be to let the validity start at 1970. As I never did such I never
>>>> had thought about possible implications when doing such (e.g. I don't
>>>> know if someone checks the start date for plausabilitiy)
>>>>
>>>> Another solution would be to retry loading of the certificate if the
>>>> time gets set (and e.g. differs more than a year).
>>>>
>>>> Has someone already thought about how to solve that problem? Or did
>>>> everyone use sane systems which have a (working) RTC?
>>>
>>>
>>> Another option would be to make a configure option to just ignore the date.
>>
>> Or an option to auto-advance the clock to the "Not Before" date if needed...
>>
>>> I'm not sure if I would like to use MODSIGN when I have to fear that the
>>> machine wouldn't start when the RTC fails or got set to a wrong date.
>>
>> Hmm, nice failure mode...
>
> And the dream of every vendor, finally a working expiration date. And a
> nice TV-B-Gone, just feed a wrong date once. ;)

I've digged a bit around about how to disable the date check, but then 
decided that I shouldn't try to implement that 
(CONFIG_MODSIGN_IGNORE_DATES) because of missing knowledge about the 
(usage of) crypto-api.

I think adding attributes to the key and the parsed key like bool 
ingore_dates and bool parsed_dates_invalid might be an option. Using 
such x509_key_preparse() could just set parsed_dates_invalid instead of 
returning with -EKEYREJECTED or -EKEYEXPIRED, if it encounters invalid 
dates.

Regards,

Alexander

next prev parent reply	other threads:[~2013-02-07 10:56 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2013-02-06 23:42 MODSIGN without RTC? Alexander Holler
2013-02-07  1:06 ` Alexander Holler
2013-02-07  6:42   ` Geert Uytterhoeven
2013-02-07  7:01     ` Alexander Holler
2013-02-07 10:54       ` Alexander Holler [this message]
2013-02-13  9:30       ` Alexander Holler
2013-02-07 18:44   ` Olaf Titz
2013-02-11 19:44     ` Alexander Holler
2013-02-12 13:00       ` Alexander Holler

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=511387E8.50908@ahsoftware.de \
    --to=holler@ahsoftware.de \
    --cc=davem@davemloft.net \
    --cc=dhowells@redhat.com \
    --cc=geert@linux-m68k.org \
    --cc=herbert@gondor.hengli.com.au \
    --cc=linux-kernel@vger.kernel.org \
    --cc=rusty@rustcorp.com.au \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.