Date: Thu, 22 Feb 2018 19:44:28 +0100
From: Jiri Bohac
To: David Howells
Cc: linux-security-module@vger.kernel.org, jforbes@redhat.com, linux-efi@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH 04/30] Enforce module signatures if the kernel is locked down
Message-ID: <20180222184428.yby6usf4b5pd6nrw@dwarf.suse.cz>
In-Reply-To: <30284.1519304877@warthog.procyon.org.uk>

On Thu, Feb 22, 2018 at 01:07:57PM +0000, David Howells wrote:
> I'm considering folding the attached changes into this patch.
>
> It adjusts the errors generated:
>
>  (1) If there's no signature (ENODATA) or we can't check it (ENOPKG, ENOKEY),
>      then:
>
>      (a) If signatures are enforced then EKEYREJECTED is returned.
>
>      (b) If IMA will have validated the image, return 0 (okay).
>
>      (c) If there's no signature or we can't check it, but the kernel is
>          locked down then EPERM is returned (this is then consistent with
>          other lockdown cases).
>
>  (2) If the signature is unparseable (EBADMSG, EINVAL), the signature fails
>      the check (EKEYREJECTED) or a system error occurs (eg. ENOMEM), we return
>      the error we got.
>
> Note that the X.509 code doesn't check for key expiry as the RTC might not be
> valid or might not have been transferred to the kernel's clock yet.

Looks good.

Reviewed-by: Jiri Bohac

-- 
Jiri Bohac
SUSE Labs, Prague, Czechia
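
The error mapping described in the quoted message, written out as an added user-space C sketch; it is not the patch discussed in this thread and not kernel code. The struct and function names are hypothetical, and allowing the load when none of (a) to (c) applies is an assumption the message does not state.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical policy inputs; the names are illustrative, not the kernel's. */
struct sig_policy {
    bool sig_enforce;        /* (a) signatures are enforced */
    bool ima_will_validate;  /* (b) IMA will have validated the image */
    bool locked_down;        /* (c) the kernel is locked down */
};

/* Map the raw signature-check result (0 or a negative errno) to the load decision. */
int module_sig_decide(int err, const struct sig_policy *p)
{
    switch (err) {
    case 0:                  /* signature verified */
        return 0;
    case -ENODATA:           /* (1) no signature */
    case -ENOPKG:            /* (1) cannot check it */
    case -ENOKEY:            /* (1) cannot check it */
        if (p->sig_enforce)
            return -EKEYREJECTED;      /* (a) */
        if (p->ima_will_validate)
            return 0;                  /* (b) */
        if (p->locked_down)
            return -EPERM;             /* (c) */
        return 0;  /* assumption: nothing enforced, so the load is allowed */
    default:
        /* (2) unparseable signature, failed check, or system error:
         * returned unchanged regardless of policy. */
        return err;
    }
}

int main(void)
{
    const struct sig_policy lockdown_only = { false, false, true };
    const int raw[] = { 0, -ENODATA, -ENOPKG, -ENOKEY,
                        -EBADMSG, -EINVAL, -EKEYREJECTED, -ENOMEM };

    /* Print the decision for each raw result under lockdown without enforcement. */
    for (size_t i = 0; i < sizeof(raw) / sizeof(raw[0]); i++)
        printf("raw=%d -> decision=%d\n", raw[i],
               module_sig_decide(raw[i], &lockdown_only));
    return 0;
}
```

The order of the three checks matters: with this ordering, enforcement wins over IMA, and an IMA-validated image loads even under lockdown.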