From: Valdis Klētnieks
To: WyoFlippa
Cc: kernelnewbies@kernelnewbies.org
Subject: Re: Kernel drivers and IOCTLs
Date: Thu, 23 Jan 2020 11:49:26 -0500
Message-ID: <44531.1579798166@turing-police>
In-Reply-To: <8969dfce-a295-c351-201c-4d8a0e90ac58@gmail.com>

On Tue, 21 Jan 2020 22:27:01 -0600, WyoFlippa said:

> I'm working on a driver that would verify a Linux or U-Boot image is
> secure and I need to pass parameters such as the public key, starting
> address, etc.

This is actually a lot harder to do properly than it looks, especially if
you're trying to export the information to userspace - a compromised kernel
can simply hijack your ioctl or /proc or /sys file and output that it's not
compromised. You can't even easily use public/private keys to sign the
statement it's not compromised, because if the legit kernel has access to
the public key, the compromised code probably does too.....

And if you're defending against sufficiently well-financed attackers, it may
even be difficult for a driver to verify the rest of the kernel isn't
compromised. As a fairly obvious attack, consider a kernel with 2 sets of
page table mappings. First, a set that contains the original kernel code and
is mapped in when your driver is executing, and then the *real* set that maps
in other physical pages containing the skullduggery code, which gets mapped
in when there's something evil being done....

So what *actual* problem are you trying to solve by using a driver to verify
the image is "secure" (which needs further definition, but you probably
already knew that if your skill level is up to doing this right...)? In
particular, what are you trying to do that various secure boot schemes don't
address?
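The self-reporting problem described in the message above, as an added example that is not part of the original email. It is a user-space model, not driver code: the `Kernel` and `ExternalRoot` classes, the sample images and the use of an HMAC in place of a public/private-key signature are all assumptions made for illustration, and the external measurer is added here only for contrast.

```python
import hashlib
import hmac
import os

# Constructed sample data: a known-good image and a tampered one.
GOOD_IMAGE = b"kernel-image-v1 (constructed sample)"
EVIL_IMAGE = GOOD_IMAGE + b" + implant"
EXPECTED = hashlib.sha256(GOOD_IMAGE).digest()

def sign(key, nonce, digest):
    # HMAC stands in for a signature; the nonce prevents replay of old reports.
    return hmac.new(key, nonce + digest, hashlib.sha256).digest()

class Kernel:
    """Hypothetical kernel whose driver measures and reports on itself."""
    def __init__(self, image, key, compromised=False):
        self.image, self.key, self.compromised = image, key, compromised

    def report(self, nonce):
        digest = hashlib.sha256(self.image).digest()
        if self.compromised:
            digest = EXPECTED  # hijacked interface: claim the clean hash
        # The signing key lives in kernel memory, so either variant can use it.
        return digest, sign(self.key, nonce, digest)

class ExternalRoot:
    """Hypothetical measurer outside the kernel; its key never enters kernel memory."""
    def __init__(self, key):
        self._key = key

    def report(self, image, nonce):
        digest = hashlib.sha256(image).digest()
        return digest, sign(self._key, nonce, digest)

def verify(key, nonce, digest, tag):
    # Userspace check: the tag must be valid and the digest must be the expected one.
    return hmac.compare_digest(tag, sign(key, nonce, digest)) and digest == EXPECTED

def self_report_accepted(image, compromised):
    key, nonce = os.urandom(32), os.urandom(16)
    return verify(key, nonce, *Kernel(image, key, compromised).report(nonce))

def external_report_accepted(image):
    key, nonce = os.urandom(32), os.urandom(16)
    return verify(key, nonce, *ExternalRoot(key).report(image, nonce))
```

The verifier accepts the compromised kernel's self-report because the report is cryptographically valid; only the measurement taken outside the kernel's trust domain distinguishes the two images.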