Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1752603AbbETBSZ (ORCPT <rfc822;w@1wt.eu>);
	Tue, 19 May 2015 21:18:25 -0400
Received: from ip-203-192-156-9.asianetcom.net ([203.192.156.9]:36454 "EHLO
	amd.suse.cz" rhost-flags-OK-FAIL-OK-FAIL) by vger.kernel.org
	with ESMTP id S1752154AbbETBRv (ORCPT
	<rfc822;linux-kernel@vger.kernel.org>);
	Tue, 19 May 2015 21:17:51 -0400
X-Greylist: delayed 541 seconds by postgrey-1.27 at vger.kernel.org; Tue, 19 May 2015 21:17:50 EDT
From: Michal Marek <mmarek@suse.cz>
To: dhowells@redhat.com
Cc: torvalds@linux-foundation.org, aricart@memnix.com,
        linux-kernel@vger.kernel.org, sedat.dilek@gmail.com,
        keyrings@linux-nfs.org, rusty@rustcorp.com.au,
        linux-security-module@vger.kernel.org, james.l.morris@oracle.com,
        dwmw2@infradead.org
Subject: [PATCH 3/3] MODSIGN: Split user-supplied and autogenerated signing key
Date: Wed, 20 May 2015 09:08:40 +0800
Message-Id: <1432084120-7918-3-git-send-email-mmarek@suse.cz>
X-Mailer: git-send-email 2.1.4
In-Reply-To: <1432084120-7918-1-git-send-email-mmarek@suse.cz>
References: <18832.1432044859.1@warthog.procyon.org.uk>
 <1432084120-7918-1-git-send-email-mmarek@suse.cz>
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 6279
Lines: 161

Allow the users to place signing_key.{x509,priv} and x509.genkey in the
source tree. If any of these files is missing, generate the file in the
build tree with an .auto suffix. This avoids problems with overwriting
user-supplied files.

Signed-off-by: Michal Marek <mmarek@suse.cz>
---
 .gitignore                       |  2 ++
 Documentation/module-signing.txt | 10 ++++++---
 Makefile                         |  5 +++--
 kernel/Makefile                  | 46 ++++++++++++++++++++--------------------
 4 files changed, 35 insertions(+), 28 deletions(-)

diff --git a/.gitignore b/.gitignore
index 4ad4a98..92b9bc8 100644
--- a/.gitignore
+++ b/.gitignore
@@ -100,6 +100,8 @@ extra_certificates
 signing_key.priv
 signing_key.x509
 x509.genkey
+signing_key.*.auto
+x509.genkey.auto
 
 # Kconfig presets
 all.config
diff --git a/Documentation/module-signing.txt b/Documentation/module-signing.txt
index c72702e..74121fb 100644
--- a/Documentation/module-signing.txt
+++ b/Documentation/module-signing.txt
@@ -100,18 +100,22 @@ it can be deleted or stored securely.  The public key gets built into the
 kernel so that it can be used to check the signatures as the modules are
 loaded.
 
-Under normal conditions, the kernel build will automatically generate a new
-keypair using openssl if one does not exist in the files:
+The kernel expects the keypair to be stored in the files:
 
 	signing_key.priv
 	signing_key.x509
 
+If the keypair is not supplied, the kernel will generate it as:
+
+	signing_key.priv.auto
+	signing_key.x509.auto
+
 during the building of vmlinux (the public part of the key needs to be built
 into vmlinux) using parameters in the:
 
 	x509.genkey
 
-file (which is also generated if it does not already exist).
+file (which, if not supplied, is also generated as x509.genkey.auto).
 
 It is strongly recommended that you provide your own x509.genkey file.
 
diff --git a/Makefile b/Makefile
index 2da553f..f46e76a 100644
--- a/Makefile
+++ b/Makefile
@@ -872,8 +872,8 @@ INITRD_COMPRESS-$(CONFIG_RD_LZ4)   := lz4
 # export INITRD_COMPRESS := $(INITRD_COMPRESS-y)
 
 ifdef CONFIG_MODULE_SIG_ALL
-MODSECKEY = ./signing_key.priv
-MODPUBKEY = ./signing_key.x509
+MODSECKEY = $(firstword $(wildcard $(srctree)/signing_key.priv) ./signing_key.priv.auto)
+MODPUBKEY = $(firstword $(wildcard $(srctree)/signing_key.x509) ./signing_key.x509.auto)
 export MODPUBKEY
 mod_sign_cmd = perl $(srctree)/scripts/sign-file $(CONFIG_MODULE_SIG_HASH) $(MODSECKEY) $(MODPUBKEY)
 else
@@ -1176,6 +1176,7 @@ MRPROPER_DIRS  += include/config usr/include include/generated          \
 MRPROPER_FILES += .config .config.old .version .old_version \
 		  Module.symvers tags TAGS cscope* GPATH GTAGS GRTAGS GSYMS \
 		  signing_key.priv signing_key.x509 x509.genkey		\
+		  signing_key.*.auto x509.genkey.auto			\
 		  extra_certificates signing_key.x509.keyid		\
 		  signing_key.x509.signer vmlinux-gdb.py
 
diff --git a/kernel/Makefile b/kernel/Makefile
index 3177160..58e6ca7 100644
--- a/kernel/Makefile
+++ b/kernel/Makefile
@@ -126,7 +126,7 @@ $(obj)/config_data.h: $(obj)/config_data.gz FORCE
 ###############################################################################
 ifeq ($(CONFIG_SYSTEM_TRUSTED_KEYRING),y)
 X509_CERTIFICATES-y := $(wildcard *.x509)
-X509_CERTIFICATES-$(CONFIG_MODULE_SIG) += signing_key.x509
+X509_CERTIFICATES-$(CONFIG_MODULE_SIG) += $(if $(wildcard $(srctree)/signing_key.x509),,signing_key.x509.auto)
 X509_CERTIFICATES := $(sort $(X509_CERTIFICATES-y))
 ifneq ($(objtree),$(srctree))
 X509_CERTIFICATES += $(sort $(wildcard $(srctree)/*.x509))
@@ -167,7 +167,7 @@ ifndef CONFIG_MODULE_SIG_HASH
 $(error Could not determine digest type to use from kernel config)
 endif
 
-signing_key.priv signing_key.x509: x509.genkey
+signing_key.priv.auto signing_key.x509.auto: $(firstword $(wildcard $(srctree)/x509.genkey) x509.genkey.auto)
 	@echo "###"
 	@echo "### Now generating an X.509 key pair to be used for signing modules."
 	@echo "###"
@@ -177,30 +177,30 @@ signing_key.priv signing_key.x509: x509.genkey
 	@echo "### number generator if one is available."
 	@echo "###"
 	openssl req -new -nodes -utf8 -$(CONFIG_MODULE_SIG_HASH) -days 36500 \
-		-batch -x509 -config x509.genkey \
-		-outform DER -out signing_key.x509 \
-		-keyout signing_key.priv 2>&1
+		-batch -x509 -config $< \
+		-outform DER -out signing_key.x509.auto \
+		-keyout signing_key.priv.auto 2>&1
 	@echo "###"
 	@echo "### Key pair generated."
 	@echo "###"
 
-x509.genkey:
+x509.genkey.auto:
 	@echo Generating X.509 key generation config
-	@echo  >x509.genkey "[ req ]"
-	@echo >>x509.genkey "default_bits = 4096"
-	@echo >>x509.genkey "distinguished_name = req_distinguished_name"
-	@echo >>x509.genkey "prompt = no"
-	@echo >>x509.genkey "string_mask = utf8only"
-	@echo >>x509.genkey "x509_extensions = myexts"
-	@echo >>x509.genkey
-	@echo >>x509.genkey "[ req_distinguished_name ]"
-	@echo >>x509.genkey "#O = Unspecified company"
-	@echo >>x509.genkey "CN = Build time autogenerated kernel key"
-	@echo >>x509.genkey "#emailAddress = unspecified.user@unspecified.company"
-	@echo >>x509.genkey
-	@echo >>x509.genkey "[ myexts ]"
-	@echo >>x509.genkey "basicConstraints=critical,CA:FALSE"
-	@echo >>x509.genkey "keyUsage=digitalSignature"
-	@echo >>x509.genkey "subjectKeyIdentifier=hash"
-	@echo >>x509.genkey "authorityKeyIdentifier=keyid"
+	@echo  >$@ "[ req ]"
+	@echo >>$@ "default_bits = 4096"
+	@echo >>$@ "distinguished_name = req_distinguished_name"
+	@echo >>$@ "prompt = no"
+	@echo >>$@ "string_mask = utf8only"
+	@echo >>$@ "x509_extensions = myexts"
+	@echo >>$@
+	@echo >>$@ "[ req_distinguished_name ]"
+	@echo >>$@ "#O = Unspecified company"
+	@echo >>$@ "CN = Build time autogenerated kernel key"
+	@echo >>$@ "#emailAddress = unspecified.user@unspecified.company"
+	@echo >>$@
+	@echo >>$@ "[ myexts ]"
+	@echo >>$@ "basicConstraints=critical,CA:FALSE"
+	@echo >>$@ "keyUsage=digitalSignature"
+	@echo >>$@ "subjectKeyIdentifier=hash"
+	@echo >>$@ "authorityKeyIdentifier=keyid"
 endif
-- 
2.1.4

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/