From: Matthew Garrett
Date: Sat, 17 Feb 2018 00:08:51 +0000
Subject: Re: [PATCH] Make kernel taint on invalid module signatures configurable
To: pmhahn@pmhahn.de
Cc: Jessica Yu, Ben Hutchings, Linux Kernel Mailing List
References: <20170807195027.13192-1-mjg59@google.com> <20180215152514.rxmh7webdg2i2fct@redbean>

On Fri, Feb 16, 2018 at 12:25 AM Philipp Hahn wrote:

> Sadly didn't work for me :-(

> If my understanding is correct and iff that would work, Debian (and
> others) could load their public key into Shim and then use the
> associated private key for signing their modules.

This works for UEFI systems, but distributions have to support non-UEFI as well.