From: David Howells
To: Andy Lutomirski
Cc: dhowells@redhat.com, "Luis R. Rodriguez", Andy Lutomirski, Rusty Russell, Michal Marek, Matthew Garrett, keyrings@linux-nfs.org, Dmitry Kasatkin, "linux-kernel@vger.kernel.org", Seth Forshee, LSM List, David Woodhouse
Subject: Re: [PATCH 0/8] MODSIGN: Use PKCS#7 for module signatures [ver #4]
Date: Fri, 22 May 2015 08:56:24 +0100
Message-ID: <32619.1432281384@warthog.procyon.org.uk>
References: <20150520162059.GC10473@localhost> <20150521213829.GH23057@wotan.suse.de> <20150521230105.GL23057@wotan.suse.de>
X-Mailing-List: linux-kernel@vger.kernel.org

Andy Lutomirski wrote:

> Without tagging the purpose of the signed file, you simply don't have
> a cryptographic guarantee of that. The bad guy can load something
> else that was signed for an entirely different purpose into the wrong
> device, possibly crashing it, causing buffer overflows because the
> format is wrong, or doing any number of other bad things.

One suggestion David Woodhouse made with regard to tagging is that the tag could just be added into the digest before it is signed/verified and not actually stored in the signature.

This means that if you try loading the firmware for the wrong request, the signature verification will fail. It's an interesting approach that's simple to achieve, but it has the downside that the signature will be invalid in the mismatch situation and you can't tell whether it's because the module is being misused or the signature is just wrong. However, that might be livable with.

David
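The digest-tagging idea discussed above, worked through as an added example (not code from this thread or from the kernel): the purpose tag is folded into the digest before signing, so a blob loaded under a different request simply fails verification, and a second variant that stores the tag beside the signature shows the distinction the digest-only approach loses. HMAC-SHA256 stands in for the PKCS#7 signature; the key, purpose strings and firmware bytes are all constructed.

```python
import hashlib
import hmac
import os

# Constructed stand-in for the asymmetric PKCS#7 signature the thread
# discusses: HMAC-SHA256 over the digest. Only how the digest is built
# (tag mixed in before signing) matters for the point being made.
SIGNING_KEY = os.urandom(32)  # constructed key, fresh per run


def purpose_digest(purpose: str, blob: bytes) -> bytes:
    """Digest with the purpose tag folded in, so the tag is bound by the
    signature without being stored anywhere in it."""
    h = hashlib.sha256()
    tag = purpose.encode()
    h.update(len(tag).to_bytes(2, "big"))  # length prefix: no tag/data ambiguity
    h.update(tag)
    h.update(blob)
    return h.digest()


def sign_tagged(purpose: str, blob: bytes) -> bytes:
    return hmac.new(SIGNING_KEY, purpose_digest(purpose, blob), "sha256").digest()


def verify_tagged(purpose: str, blob: bytes, sig: bytes) -> bool:
    # Wrong request and corrupt/forged signature both land here as False;
    # the verifier cannot tell which happened.
    expected = hmac.new(SIGNING_KEY, purpose_digest(purpose, blob), "sha256").digest()
    return hmac.compare_digest(expected, sig)


# Contrast: store the tag beside the signature so that a purpose mismatch
# can be reported separately from a bad signature.
def sign_stored(purpose: str, blob: bytes) -> tuple:
    sig = hmac.new(SIGNING_KEY, hashlib.sha256(blob).digest(), "sha256").digest()
    return (purpose, sig)


def verify_stored(purpose: str, blob: bytes, stored: tuple) -> str:
    stored_purpose, sig = stored
    if stored_purpose != purpose:
        return "purpose-mismatch"  # signed for another request, not forged
    expected = hmac.new(SIGNING_KEY, hashlib.sha256(blob).digest(), "sha256").digest()
    return "ok" if hmac.compare_digest(expected, sig) else "bad-signature"
```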