From: Mimi Zohar <zohar@linux.vnet.ibm.com>
To: "Kasatkin, Dmitry" <dmitry.kasatkin@intel.com>
Cc: Rusty Russell <rusty@rustcorp.com.au>,
David Howells <dhowells@redhat.com>,
jmorris@namei.org, keyrings@linux-nfs.org,
linux-security-module@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: Re: [RFC] module: signature infrastructure
Date: Tue, 04 Sep 2012 09:40:48 -0400 [thread overview]
Message-ID: <1346766048.2384.37.camel@falcor> (raw)
In-Reply-To: <CALLzPKYO7KyiZpC4uUy+4VueLiVM0YqphtAVBhRd1VW_AryyQw@mail.gmail.com>
On Tue, 2012-09-04 at 15:21 +0300, Kasatkin, Dmitry wrote:
> On Tue, Sep 4, 2012 at 3:07 PM, Kasatkin, Dmitry
> <dmitry.kasatkin@intel.com> wrote:
> > Hi,
> >
> > Please read bellow...
> >
> > On Tue, Sep 4, 2012 at 8:55 AM, Rusty Russell <rusty@rustcorp.com.au> wrote:
> >> OK, I took a look at the module.c parts of David and Dmitry's patchsets,
> >> and didn't really like either, but I stole parts of David's to make
> >> this.
> >>
> >> So, here's the module.c part of module signing. I hope you two got time
> >> to discuss the signature format details?
The integrity subsystem currently defines 3 extended attribute formats
in security/integrity.h.
enum evm_ima_xattr_type {
IMA_XATTR_DIGEST = 0x01,
EVM_XATTR_HMAC,
EVM_IMA_XATTR_DIGSIG,
};
integrity_digsig_verify() is called to appraise EVM signatures stored as
EVM_IMA_XATTR_DIGSIG. In Dmitry's patches, this same call is used to
appraise modules. If you decide to define a new format, it should be
included here as well.
> Mimi suggested a scheme where
> >> the private key would never be saved on disk (even temporarily), but I
> >> didn't see patches. Frankly it's something we can do later; let's aim
> >> at getting the format right for the next merge window.
Right, the key is a build issue, which doesn't affect the format.
> > In our patches key is stored on the disc in encrypted format...
An updated version of Dmitry's patches are in the 'modsig' branch of
git://git.kernel.org/pub/scm/linux/kernel/git/kasatkin/linux-digsig. For
now, although commit 59f1d53 "modsig: build rules and scripts to
generate keys and sign modules" writes the ephemeral key to disk, it is
encrypted.
thanks,
Mimi
next prev parent reply other threads:[~2012-09-04 13:43 UTC|newest]
Thread overview: 48+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-08-16 1:34 [PATCH 00/25] Crypto keys and module signing David Howells
2012-08-16 1:34 ` [PATCH 01/25] KEYS: Add payload preparsing opportunity prior to key instantiate or update David Howells
2012-08-16 1:34 ` [PATCH 02/25] MPILIB: Provide count_leading/trailing_zeros() based on arch functions David Howells
2012-09-10 7:13 ` Kasatkin, Dmitry
2012-09-13 5:14 ` James Morris
2012-09-13 14:09 ` Kasatkin, Dmitry
2012-08-16 1:34 ` [PATCH 03/25] KEYS: Create a key type that can be used for general cryptographic operations David Howells
2012-08-16 1:34 ` [PATCH 04/25] KEYS: Add signature verification facility David Howells
2012-08-16 1:35 ` [PATCH 05/25] KEYS: Asymmetric public-key algorithm crypto key subtype David Howells
2012-08-16 1:35 ` [PATCH 06/25] MPILIB: Reinstate mpi_cmp[_ui]() and export for RSA signature verification David Howells
2012-08-16 1:35 ` [PATCH 07/25] KEYS: RSA: Implement signature verification algorithm [PKCS#1 / RFC3447] David Howells
2012-08-16 1:35 ` [PATCH 08/25] KEYS: RSA: Fix signature verification for shorter signatures David Howells
2012-08-16 1:35 ` [PATCH 09/25] PGPLIB: PGP definitions (RFC 4880) David Howells
2012-08-16 1:36 ` [PATCH 10/25] PGPLIB: Basic packet parser David Howells
2012-08-16 1:36 ` [PATCH 11/25] PGPLIB: Signature parser David Howells
2012-08-16 1:36 ` [PATCH 12/25] KEYS: PGP data parser David Howells
2012-08-16 1:36 ` [PATCH 13/25] KEYS: PGP-based public key signature verification David Howells
2012-08-16 1:36 ` [PATCH 14/25] KEYS: PGP format signature parser David Howells
2012-08-16 1:36 ` [PATCH 15/25] KEYS: Provide PGP key description autogeneration David Howells
2012-08-16 1:37 ` [PATCH 16/25] KEYS: Provide a function to load keys from a PGP keyring blob David Howells
2012-08-16 1:37 ` [PATCH 17/25] MODSIGN: Provide gitignore and make clean rules for extra files David Howells
2012-08-16 1:37 ` [PATCH 18/25] MODSIGN: Provide Documentation and Kconfig options David Howells
2012-08-16 1:37 ` [PATCH 19/25] MODSIGN: Sign modules during the build process David Howells
2012-08-16 1:37 ` [PATCH 20/25] MODSIGN: Provide module signing public keys to the kernel David Howells
2012-08-31 14:33 ` Michal Marek
2012-08-16 1:38 ` [PATCH 21/25] MODSIGN: Module signature verification David Howells
2012-08-16 1:38 ` [PATCH 22/25] MODSIGN: Automatically generate module signing keys if missing David Howells
2012-08-16 1:38 ` [PATCH 23/25] MODSIGN: Panic the kernel if FIPS is enabled upon module signing failure David Howells
2012-08-16 1:38 ` [PATCH 24/25] MODSIGN: Allow modules to be signed with an unknown key unless enforcing David Howells
2012-08-16 1:38 ` [PATCH 25/25] MODSIGN: Fix documentation of signed-nokey behavior when not enforcing David Howells
2012-08-21 5:04 ` [PATCH 00/25] Crypto keys and module signing Rusty Russell
2012-08-22 10:50 ` David Howells
2012-08-22 11:52 ` Mimi Zohar
2012-08-22 16:07 ` Kasatkin, Dmitry
2012-09-04 5:55 ` [RFC] module: signature infrastructure Rusty Russell
2012-09-04 12:07 ` Kasatkin, Dmitry
2012-09-04 12:21 ` Kasatkin, Dmitry
2012-09-04 13:40 ` Mimi Zohar [this message]
2012-09-05 0:29 ` Rusty Russell
2012-09-05 13:34 ` Mimi Zohar
2012-09-06 2:05 ` Rusty Russell
2012-09-04 14:25 ` Lucas De Marchi
2012-09-04 15:04 ` Kasatkin, Dmitry
2012-09-04 22:51 ` David Howells
2012-09-04 23:17 ` Kasatkin, Dmitry
2012-09-05 0:19 ` Rusty Russell
2012-09-05 23:41 ` Lucas De Marchi
2012-09-06 7:55 ` Rusty Russell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1346766048.2384.37.camel@falcor \
--to=zohar@linux.vnet.ibm.com \
--cc=dhowells@redhat.com \
--cc=dmitry.kasatkin@intel.com \
--cc=jmorris@namei.org \
--cc=keyrings@linux-nfs.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=rusty@rustcorp.com.au \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox