Received: by 2002:ac0:aed5:0:0:0:0:0 with SMTP id t21csp6490251imb; Fri, 8 Mar 2019 20:46:31 -0800 (PST) X-Google-Smtp-Source: APXvYqzj/zKjQzmYvWglWl1U6yq64a5ldgOaUVjHV6jLs4PcGB86hsfWAM1Br/gdLUYeM4C6/Peu X-Received: by 2002:a65:5303:: with SMTP id m3mr19883046pgq.292.1552106791343; Fri, 08 Mar 2019 20:46:31 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1552106791; cv=none; d=google.com; s=arc-20160816; b=MQvkWzQKJY2C6Veg7Swr7N+JMJbQDuoXaLUeTzmM0g/4y2icDVDb2PA9/Tf9ucHagm R7HbrT/MhYEAVROnlhT5ToFKdkce8xfJ59hUOnx+1J2pzcepDspiboQpcnL6M7E19+Fj EYvRge5BBvVnYoYcaLmeaYOPeIOZkcwTluANiPX3m5fNhQTd3T34Vytu35YJ0x081E3b fgQlYTiidSPCNjJ87kkR9daIzo7Z3AGaLk/ZGjOn9+ygxjQlJTSZvDfk2O7QclWH/jod 9alg9BDF2MyPzL1DHpL3ChSUf57wLdHYKpl9qRNavCNsor8nXD9RHWhclvFGkmEApc/0 jPIw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:user-agent:references :message-id:in-reply-to:subject:cc:to:from:date; bh=SZxAYUsHcSQ2DfLSc86Hpf1rngZWJtaBnpSmcRKJdiM=; b=UeqZYe8QiIJoI1FaST1oD54wWdzUL8vPDP/RWhkS6EJpl3740F8TiDWSEP9FcLSkjK zqDyqbjNp+3XPupjYA6V7wK1yXiRnHsB7VBsSzM+PUzuNTyRtyZg8P6XvlftLv5UHF5Z QSyiwoRdy12fG/Xkc334lE6tvhqCIVzYAHK6KlEA08QJvMIh34o9FBpR8bp4UhRV62px Muyg54S4vGyU/lZ9cMbURCgcuHjJ9E7o2Y9vO4whUMaUKIjRafMz18Jg+ET5+FqMkPh+ C6h863A7AIRZDS+zncrps7BkcD0NbFakji9OD5Peyy5yFAwEqmKRWFd2Wn/8uMeyRj0m rYpQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id t66si8739155pfb.178.2019.03.08.20.46.15; Fri, 08 Mar 2019 20:46:31 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726635AbfCIEpm (ORCPT + 99 others); Fri, 8 Mar 2019 23:45:42 -0500 Received: from namei.org ([65.99.196.166]:56226 "EHLO namei.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726352AbfCIEpl (ORCPT ); Fri, 8 Mar 2019 23:45:41 -0500 Received: from localhost (localhost [127.0.0.1]) by namei.org (8.14.4/8.14.4) with ESMTP id x294jaje024550; Sat, 9 Mar 2019 04:45:36 GMT Date: Sat, 9 Mar 2019 15:45:36 +1100 (AEDT) From: James Morris To: Matthew Garrett cc: LSM List , Linux Kernel Mailing List , David Howells Subject: Re: [PATCH 03/27] Enforce module signatures if the kernel is locked down In-Reply-To: Message-ID: References: <20190306235913.6631-1-matthewgarrett@google.com> <20190306235913.6631-4-matthewgarrett@google.com> User-Agent: Alpine 2.21 (LRH 202 2017-01-01) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, 8 Mar 2019, Matthew Garrett wrote: > On Fri, Mar 8, 2019 at 3:00 PM James Morris wrote: > > > > On Wed, 6 Mar 2019, Matthew Garrett wrote: > > > > > From: David Howells > > > > > > If the kernel is locked down, require that all modules have valid > > > signatures that we can verify. > > > > Perhaps note that this won't cover the case where folk are using DM-Verity > > with a signed root hash for verifying kernel modules. > > Mm. I can't see a terribly good way of doing this generically - > loadpin gives no indication to the module loading code that it comes > from a trusted source. Would making the lockdown/module signature > enforcement a separate config option be reasonable? I was just suggest documenting this. -- James Morris