From: "Lee, Chun-Yi"
To: David Howells
Cc: linux-fs@vger.kernel.org, linux-efi@vger.kernel.org, linux-kernel@vger.kernel.org, "Lee, Chun-Yi"
Subject: [PATCH 0/5 v2] Using the hash in MOKx to blacklist kernel module
Date: Tue, 13 Mar 2018 18:37:58 +0800
Message-Id: <20180313103803.13388-1-jlee@suse.com>

This patch set is based on the efi-lock-down and keys-uefi branches in David Howells's linux-fs git tree.
https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/log/?h=keys-uefi

The main purpose is using MOKx to blacklist kernel modules. Like the MOK (Machine Owner Key), MOKx is an EFI boot-time variable which is maintained by the shim boot loader. We can enroll the hash of a blacklisted kernel module (with or without signature) into MOKx with mokutil. The kernel loads the hashes from MOKx into the blacklist keyring when booting. The kernel will prevent loading a kernel module when its hash is found in the blacklist. This function is useful to revoke a kernel module that has an exploit, or to revoke a kernel module that was signed by an insecure key.

Besides MOKx, this patch set fixes another two issues: the MOK/MOKx should not be loaded when secure boot is disabled, and the modified error message prints out an appropriate status string for reading by a human being.

v2: Checking the attributes of db and mok before loading certificates.

Lee, Chun-Yi (5):
  MODSIGN: do not load mok when secure boot disabled
  MODSIGN: print appropriate status message when getting UEFI certificates list
  MODSIGN: load blacklist from MOKx
  MODSIGN: checking the blacklisted hash before loading a kernel module
  MODSIGN: check the attributes of db and mok

 certs/load_uefi.c       | 92 +++++++++++++++++++++++++++++++++++--------------
 include/linux/efi.h     | 25 ++++++++++++++
 kernel/module_signing.c | 62 +++++++++++++++++++++++++++++++--
 3 files changed, 152 insertions(+), 27 deletions(-)

-- 
2.10.2
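The cover letter says the kernel reads hashes out of MOKx and refuses a module whose hash is found there. MokListX, like db/dbx and MokList, is stored in the UEFI EFI_SIGNATURE_LIST layout: a 28-byte header (SignatureType GUID, SignatureListSize, SignatureHeaderSize, SignatureSize), an optional per-list header, then entries of SignatureOwner GUID plus signature data; for hash entries SignatureType is EFI_CERT_SHA256_GUID and each entry carries a 32-byte digest. The block below is an added example written for this page, not code from the patch set, from shim or from the keys-uefi branch. It parses such a blob and answers whether a given digest is enrolled, validating every size field first because the variable contents come from NVRAM and must be treated as untrusted. The function names (`esl_contains_sha256`, `build_sample_mokx`, `sample_lookup`) and the sample list are assumptions constructed for the example; which bytes of a module the kernel actually hashes (with or without the appended signature, as the cover letter mentions both) is outside what the page states, so the code takes a ready digest as input.

```c
/* Added example, not the patch set's code: match a SHA-256 digest against a
 * UEFI EFI_SIGNATURE_LIST blob (the layout of db/dbx, MokList and MokListX). */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define GUID_LEN    16
#define SHA256_LEN  32
#define ESL_HDR_LEN 28 /* SignatureType(16)+ListSize(4)+HeaderSize(4)+SignatureSize(4) */

/* EFI_CERT_SHA256_GUID c1c41626-504c-4092-aca9-41f936934328 in the mixed-endian
 * byte order EFI_GUID uses on disk. */
static const uint8_t EFI_CERT_SHA256_GUID[GUID_LEN] = {
    0x26, 0x16, 0xc4, 0xc1, 0x4c, 0x50, 0x92, 0x40,
    0xac, 0xa9, 0x41, 0xf9, 0x36, 0x93, 0x43, 0x28
};

static uint32_t le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

static void put_le32(uint8_t *p, uint32_t v)
{
    p[0] = v & 0xff; p[1] = (v >> 8) & 0xff; p[2] = (v >> 16) & 0xff; p[3] = v >> 24;
}

/* Returns 1 if digest is in a SHA256 list inside blob, 0 if not, -1 if the blob
 * is malformed. Each size field is checked against the remaining bytes before
 * use, so a truncated or inconsistent list cannot cause an out-of-bounds read. */
int esl_contains_sha256(const uint8_t *blob, size_t len, const uint8_t digest[SHA256_LEN])
{
    size_t off = 0;

    while (off < len) {
        const uint8_t *hdr = blob + off;
        uint32_t list_size, hdr_size, sig_size;
        size_t data_len, i;

        if (len - off < ESL_HDR_LEN)
            return -1;
        list_size = le32(hdr + 16);
        hdr_size  = le32(hdr + 20);
        sig_size  = le32(hdr + 24);
        if (list_size < ESL_HDR_LEN || list_size > len - off)
            return -1;
        if (hdr_size > list_size - ESL_HDR_LEN)
            return -1;
        data_len = list_size - ESL_HDR_LEN - hdr_size;
        if (sig_size < GUID_LEN || data_len % sig_size != 0)
            return -1;

        if (memcmp(hdr, EFI_CERT_SHA256_GUID, GUID_LEN) == 0) {
            const uint8_t *entry = hdr + ESL_HDR_LEN + hdr_size;

            if (sig_size != GUID_LEN + SHA256_LEN)
                return -1;
            /* entry = SignatureOwner GUID (16 bytes) + 32-byte hash */
            for (i = 0; i < data_len / sig_size; i++, entry += sig_size)
                if (memcmp(entry + GUID_LEN, digest, SHA256_LEN) == 0)
                    return 1;
        }
        off += list_size; /* lists of other types (e.g. X.509) are skipped */
    }
    return 0;
}

/* Constructed sample (not real data): one SHA256 list with two blacklisted
 * digests, all-0xaa and all-0xbb. Returns bytes written, 0 if cap too small. */
size_t build_sample_mokx(uint8_t *out, size_t cap)
{
    const uint32_t sig_size = GUID_LEN + SHA256_LEN, list_size = ESL_HDR_LEN + 2 * sig_size;
    uint8_t *p = out;
    int i;

    if (cap < list_size)
        return 0;
    memcpy(p, EFI_CERT_SHA256_GUID, GUID_LEN); p += GUID_LEN;
    put_le32(p, list_size); p += 4;
    put_le32(p, 0);         p += 4; /* no per-list header */
    put_le32(p, sig_size);  p += 4;
    for (i = 0; i < 2; i++) {
        memset(p, 0, GUID_LEN); p += GUID_LEN;                  /* SignatureOwner */
        memset(p, i == 0 ? 0xaa : 0xbb, SHA256_LEN); p += SHA256_LEN;
    }
    return list_size;
}

/* Look up a digest of repeated byte `fill` in the sample; `truncate` drops that
 * many trailing bytes to exercise the malformed-input path. */
int sample_lookup(uint8_t fill, size_t truncate)
{
    uint8_t blob[256], digest[SHA256_LEN];
    size_t n = build_sample_mokx(blob, sizeof blob);

    memset(digest, fill, sizeof digest);
    return esl_contains_sha256(blob, n - truncate, digest);
}

int main(void)
{
    printf("aa.. enrolled: %d\n", sample_lookup(0xaa, 0));
    printf("cc.. enrolled: %d\n", sample_lookup(0xcc, 0));
    printf("truncated blob: %d\n", sample_lookup(0xaa, 1));
    return 0;
}
```

The three return values (found, not found, malformed) are kept distinct on purpose: a loader that treats a parse failure as "not blacklisted" would let a corrupted or attacker-influenced variable silently disable the blacklist.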