From: Mehmet Kayaalp
To: David Howells, David Woodhouse, Keyrings
Cc: Linux Integrity, Linux Security, Linux Kernel, Mimi Zohar, Stefan Berger, George Wilson, Mike Rapoport, Mehmet Kayaalp
Subject: [PATCH v6 1/4] KEYS: Insert incompressible bytes to reserve space in bzImage
Date: Wed, 2 May 2018 19:08:08 -0400
Message-Id: <20180502230811.2751-2-mkayaalp@linux.vnet.ibm.com>
In-Reply-To: <20180502230811.2751-1-mkayaalp@linux.vnet.ibm.com>
References: <20180502230811.2751-1-mkayaalp@linux.vnet.ibm.com>
X-Mailing-List: linux-kernel@vger.kernel.org

Include a random filled binary in vmlinux at the space reserved with CONFIG_SYSTEM_EXTRA_CERTIFICATE. This results in an uncompressed reserved area inside the bzImage as well, so that it can be replaced with an actual certificate later (after the bzImage is distributed). The bzImage contains a stripped ELF file with one section containing the compressed vmlinux.
If the reserved space is initially filled with zeros, certificate insertion will cause a size increase in the compressed vmlinux. In that case, reconstructing the bzImage would require relocation. To avoid this situation, the reserved space is initially filled with random bytes. Since a certificate contains some compressible bytes, after insertion the vmlinux will hopefully be compressed to a smaller size. Signed-off-by: Mehmet Kayaalp --- certs/.gitignore | 1 + certs/Makefile | 21 ++++++++++++++++++--- certs/system_certificates.S | 2 +- 3 files changed, 20 insertions(+), 4 deletions(-) diff --git a/certs/.gitignore b/certs/.gitignore index f51aea4a71ec..4ecc8dd7559d 100644 --- a/certs/.gitignore +++ b/certs/.gitignore @@ -2,3 +2,4 @@ # Generated files # x509_certificate_list +extra_cert_placeholder diff --git a/certs/Makefile b/certs/Makefile index 5d0999b9e21b..a284c0c72ce5 100644 --- a/certs/Makefile +++ b/certs/Makefile @@ -16,7 +16,12 @@ ifeq ($(CONFIG_SYSTEM_TRUSTED_KEYRING),y) $(eval $(call config_filename,SYSTEM_TRUSTED_KEYS)) # GCC doesn't include .incbin files in -MD generated dependencies (PR#66871) -$(obj)/system_certificates.o: $(obj)/x509_certificate_list +ifeq ($(CONFIG_SYSTEM_EXTRA_CERTIFICATE),y) +system_certs_incbin = $(obj)/x509_certificate_list $(obj)/extra_cert_placeholder +else +system_certs_incbin = $(obj)/x509_certificate_list +endif +$(obj)/system_certificates.o: $(system_certs_incbin) # Cope with signing_key.x509 existing in $(srctree) not $(objtree) AFLAGS_system_certificates.o := -I$(srctree) 
@@ -24,12 +29,22 @@ AFLAGS_system_certificates.o := -I$(srctree) quiet_cmd_extract_certs = EXTRACT_CERTS $(patsubst "%",%,$(2)) cmd_extract_certs = scripts/extract-cert $(2) $@ || ( rm $@; exit 1) -targets += x509_certificate_list +targets += $(system_certs_incbin) $(obj)/x509_certificate_list: scripts/extract-cert $(SYSTEM_TRUSTED_KEYS_SRCPREFIX)$(SYSTEM_TRUSTED_KEYS_FILENAME) FORCE $(call if_changed,extract_certs,$(SYSTEM_TRUSTED_KEYS_SRCPREFIX)$(CONFIG_SYSTEM_TRUSTED_KEYS)) + +ifeq ($(CONFIG_SYSTEM_EXTRA_CERTIFICATE),y) +# Generate incompressible bytes. Use seed to make it reproducible +quiet_cmd_placeholder = EXTRA_CERT_PLACEHOLDER + cmd_placeholder = perl -e 'srand(0); printf("%c", int(rand(256))) for (1..$(2))' > $@ + +$(obj)/extra_cert_placeholder: FORCE + $(call if_changed,placeholder,$(CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE)) +endif # CONFIG_SYSTEM_EXTRA_CERTIFICATE + endif # CONFIG_SYSTEM_TRUSTED_KEYRING -clean-files := x509_certificate_list .x509.list +clean-files := $(system_certs_incbin) .x509.list ifeq ($(CONFIG_MODULE_SIG),y) ############################################################################### diff --git a/certs/system_certificates.S b/certs/system_certificates.S index 3918ff7235ed..e23de70c1a30 100644 --- a/certs/system_certificates.S +++ b/certs/system_certificates.S @@ -18,7 +18,7 @@ __cert_list_end: .globl VMLINUX_SYMBOL(system_extra_cert) .size system_extra_cert, CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE VMLINUX_SYMBOL(system_extra_cert): - .fill CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE, 1, 0 + .incbin "certs/extra_cert_placeholder" .align 4 .globl VMLINUX_SYMBOL(system_extra_cert_used) -- 2.17.0
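
Review bot: In the first certs/Makefile hunk, both system_certs_incbin assignments store $(obj)/-prefixed paths, and the same variable is later fed to "targets +=" and "clean-files :=", which before this patch took the bare name x509_certificate_list. kbuild treats entries in both lists as relative to $(obj) and adds the prefix itself, so the prefixed values will not match the generated files: if_changed will not find its saved command line and make clean will leave the files behind. Keep bare names in the variable and apply $(addprefix $(obj)/,$(system_certs_incbin)) only on the prerequisite line; the x509_certificate_list entry duplicated in the two branches can then become one assignment plus a conditional "+=".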
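
Review bot: In cmd_placeholder (second certs/Makefile hunk), the comment promises reproducible output, but the byte sequence after srand(0) is whatever the build host's perl rand() produces, and printf("%c", ...) writes more than one byte for values above 127 when STDOUT carries a UTF-8 layer (for example through PERL_UNICODE). The first changes the file contents between hosts, the second changes its length, and neither causes a build error. Add binmode(STDOUT); to the one-liner, say in the comment which perl behaviour the reproducibility relies on, and check the generated file's size against $(2) before it is accepted.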
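
Review bot: In certs/system_certificates.S, the new .incbin "certs/extra_cert_placeholder" makes the reserved area as long as the generated file, while the .size system_extra_cert, CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE line above it still declares the configured size, and nothing ties the two together. If the placeholder is stale or was written with a different length, the declared symbol size and the real reservation disagree silently. Add an assembler-time check after the .incbin that compares the distance from the label to the current location with CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE and fails the build on mismatch, and note next to the directive that the file comes from the placeholder rule in certs/Makefile.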
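
The size argument from the commit message, as an added example that is not part of the patch or the kernel tree: it compresses a constructed stand-in image with a zero-filled and a random-filled reserved area, before and after a certificate-like blob is written into it. The reserved size, the image bytes, the blob and the use of zlib and Python's random module are all assumptions made for illustration.

```python
import random
import zlib

RESERVED = 4096  # assumed stand-in for CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE


def fake_image(fill):
    """Constructed stand-in for vmlinux: low-entropy bytes around the reserved area."""
    rng = random.Random(1)
    body = bytes(rng.choice(b"\x00\x48\x89\xe5\xc3\x90") for _ in range(20000))
    return body[:10000] + fill + body[10000:]


def fake_cert(limit):
    """Constructed certificate-like blob: repetitive names plus random key bytes."""
    rng = random.Random(2)
    header = b"\x30\x82\x03\x00" + b"CN=Example Signing Key,O=Example Org" * 8
    key = bytes(rng.randrange(256) for _ in range(512))
    return (header + key)[:limit]


def insert_cert(fill, cert):
    """Overwrite the start of the reserved area; the rest keeps the placeholder."""
    return cert + fill[len(cert):]


def zero_fill():
    return bytes(RESERVED)


def random_fill():
    # Seeded so the placeholder is the same on every run
    rng = random.Random(0)
    return bytes(rng.randrange(256) for _ in range(RESERVED))


def compressed_sizes(fill):
    """Return (size before insertion, size after insertion) of the compressed image."""
    cert = fake_cert(len(fill))
    before = len(zlib.compress(fake_image(fill), 9))
    after = len(zlib.compress(fake_image(insert_cert(fill, cert)), 9))
    return before, after


if __name__ == "__main__":
    for name, fill in (("zeros", zero_fill()), ("random", random_fill())):
        before, after = compressed_sizes(fill)
        print(f"{name:6s} fill: {before} -> {after} bytes ({after - before:+d})")
```

With zero fill the compressed image grows once the blob is inserted; with random fill it shrinks, so the rewritten payload still fits in the space the original occupied.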