Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S267766AbUJLUne (ORCPT ); Tue, 12 Oct 2004 16:43:34 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S267759AbUJLUnd (ORCPT ); Tue, 12 Oct 2004 16:43:33 -0400 Received: from mx1.redhat.com ([66.187.233.31]:4237 "EHLO mx1.redhat.com") by vger.kernel.org with ESMTP id S267776AbUJLUnX (ORCPT ); Tue, 12 Oct 2004 16:43:23 -0400 From: David Howells In-Reply-To: <20041012190826.GB31353@kroah.com> References: <20041012190826.GB31353@kroah.com> <30797.1092308768@redhat.com> <20040812111853.GB25950@devserv.devel.redhat.com> <20040812200917.GD2952@kroah.com> <26280.1092388799@redhat.com> <27175.1095936746@redhat.com> <30591.1096451074@redhat.com> <10345.1097507482@redhat.com> <1097507755.318.332.camel@hades.cambridge.redhat.com> <1097534090.16153.7.camel@localhost.localdomain> <1097570159.5788.1089.camel@baythorne.infradead.org> To: Greg KH Cc: David Woodhouse , "Rusty Russell (IBM)" , Arjan van de Ven , Joy Latten , lkml - Kernel Mailing List Subject: Re: Fw: signed kernel modules? User-Agent: EMH/1.14.1 SEMI/1.14.5 (Awara-Onsen) FLIM/1.14.5 (Demachiyanagi) APEL/10.6 Emacs/21.3 (i386-redhat-linux-gnu) MULE/5.0 (SAKAKI) MIME-Version: 1.0 (generated by SEMI 1.14.5 - "Awara-Onsen") Content-Type: text/plain; charset=US-ASCII Date: Tue, 12 Oct 2004 21:43:04 +0100 Message-ID: <4365.1097613784@redhat.com> Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1271 Lines: 32 > I agree. We have to be able to detect improper header information for > unsigned modules today, nothing new there. So by only signing the > information that the kernel looks at, we should be fine. Take a look at: http://people.redhat.com/~dhowells/modsign/modsign-bits.tar.bz2 I've extracted the module signing and module verification stuff into a userspace test harness for easier development. Note that this module verifier will only work on PPC64 (well, it might work on other big-endian ELF64 archs too) without messing around in the included header files. The module signer should work on anything, and should be able sign any sort of ELF, no matter whether it's the same endianness or wordsize as the host CPU. I've added an ELF verification function in checksig/module-verify.c that does a reasonably comprehensive check of the ELF that might cause the kernel to crash if it loads a module. Run "make test" to build everything, check the unsigned module, sign the module and check the signed module. David - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/