From mboxrd@z Thu Jan 1 00:00:00 1970 From: David Howells Subject: Re: [GIT PULL] Asymmetric keys and module signing Date: Wed, 26 Sep 2012 10:09:35 +0100 Message-ID: <8168.1348650575@warthog.procyon.org.uk> References: <87ehlp30pd.fsf@rustcorp.com.au> <5555.1348531649@warthog.procyon.org.uk> Cc: dhowells@redhat.com, herbert@gondor.hengli.com.au, pjones@redhat.com, jwboyer@redhat.com, linux-crypto@vger.kernel.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, keyrings@linux-nfs.org To: Rusty Russell Return-path: Received: from mx1.redhat.com ([209.132.183.28]:26657 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753325Ab2IZJJs (ORCPT ); Wed, 26 Sep 2012 05:09:48 -0400 In-Reply-To: <87ehlp30pd.fsf@rustcorp.com.au> Sender: linux-crypto-owner@vger.kernel.org List-ID: Rusty Russell wrote: > We do a very simple search for a particular string appended to the module > (which is cache-hot and about to be SHA'd anyway). There's both a config > option and a boot parameter which control whether we accept (and taint) or > fail with unsigned modules. I've adjusted your patch description to this: We do a very simple search for a particular string appended to the module (which is cache-hot and about to be SHA'd anyway). There's both a config option and a boot parameter which control whether we accept or fail with unsigned modules and modules that are signed with an unknown key. If module signing is enabled, the kernel will be tainted if a module is accepted that is unsigned or has a signature for which we don't have the key. I think it's worth mentioning the policy for unknown keys and worth making clear under what circumstances we mean the kernel to be tainted. David