Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752297AbcDWSpQ (ORCPT ); Sat, 23 Apr 2016 14:45:16 -0400 Received: from shadbolt.e.decadent.org.uk ([88.96.1.126]:33860 "EHLO shadbolt.e.decadent.org.uk" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752241AbcDWSpO (ORCPT ); Sat, 23 Apr 2016 14:45:14 -0400 Date: Sat, 23 Apr 2016 19:45:09 +0100 From: Ben Hutchings To: Rusty Russell Cc: David Howells , David Woodhouse , keyrings@vger.kernel.org, linux-kernel@vger.kernel.org Message-ID: <20160423184508.GN3348@decadent.org.uk> References: <20160423184421.GL3348@decadent.org.uk> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="Pjk796cY0SfIo9Z2" Content-Disposition: inline In-Reply-To: <20160423184421.GL3348@decadent.org.uk> User-Agent: Mutt/1.5.23 (2014-03-12) X-SA-Exim-Connect-IP: X-SA-Exim-Mail-From: ben@decadent.org.uk Subject: [PATCH 2/3] Documentation/module-signing.txt: Note need for version info if reusing a key X-SA-Exim-Version: 4.2.1 (built Mon, 26 Dec 2011 16:24:06 +0000) X-SA-Exim-Scanned: Yes (on shadbolt.decadent.org.uk) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 2324 Lines: 55 --Pjk796cY0SfIo9Z2 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Signing a module should only make it trusted by the specific kernel it was built for, not anything else. If a module signing key is used for multiple ABI-incompatible kernels, the modules need to include enough version information to distinguish them. Signed-off-by: Ben Hutchings Cc: stable@vger.kernel.org --- Documentation/module-signing.txt | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/Documentation/module-signing.txt b/Documentation/module-signing.txt index 696d5caf4fd8..f0e3361db20c 100644 --- a/Documentation/module-signing.txt +++ b/Documentation/module-signing.txt @@ -271,3 +271,9 @@ Since the private key is used to sign modules, viruses and malware could use the private key to sign modules and compromise the operating system. The private key must be either destroyed or moved to a secure location and not kept in the root node of the kernel source tree. + +If you use the same private key to sign modules for multiple kernel +configurations, you must ensure that the module version information is +sufficient to prevent loading a module into a different kernel. Either +set CONFIG_MODVERSIONS=y or ensure that each configuration has a different +kernel release string by changing EXTRAVERSION or CONFIG_LOCALVERSION. --Pjk796cY0SfIo9Z2 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBVxvCtOe/yOyVhhEJAQq2PA//XRz896omQ6pmd+b9Rl1/RQ58tJ5vVAv6 DwPUveWNxrmAefQEGsxLA4hCV5bW+igna5yRkQKjzxVcPYr4JXUGaUQXbOP5zOyM yWGyLtDeqytqriTdivALdcEygjrSMQA716by4K7oqVhqZRnC2W1odnsIrDRVhysm s04X+LapLBnEzRIN6sM9ObFu3AWsazlZLESa28Yz3jQHHzKWFVX297PGX0lDD+da +q8sLI0qCJMEvbHTHrmjMLMqaIUFXJOoEyw4rJmh1211oQSnO+/zFzATTEs/YDba T8XLDaOWULlkD081JWE1EPKJzwQWbIattJzzz4qSu5vVRd/1sgPAdLIswFyBHb/P PLUSxToSSYTJ0YkwhQYlWZ/94k9CMf5XW6iAZm61NqGLHPUgjBqryVA5+n2DUrra zsD4j/tUELS+iQcYfdRW40w59sWL6ftwEH0YzRuDredO6EHU531R6lrxVUVbAJB9 DUlWfQhpA3fFwO6OiT8SKfhfNjz6gLc49ct2kGpYq1F0FjvQELK1IXas7rsokNI8 EPR0C/kh8zkPlcr5mP8nOUGpLXpEIdxGVsOWB17P4UZgoa8m+wZBRcX1Zg8S0L0X rSt5HtLVehcDCaCz9YuIi15Im60k+a8WtPG3IanA96Cr7avcrR4K1nBBfTIXrasR T1DS33wLRfI= =APpt -----END PGP SIGNATURE----- --Pjk796cY0SfIo9Z2--