Return-Path: <linux-kernel-owner+willy=40w.ods.org-S267766AbUJLUne@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S267766AbUJLUne (ORCPT <rfc822;willy@w.ods.org>);
	Tue, 12 Oct 2004 16:43:34 -0400
Received: (majordomo@vger.kernel.org) by vger.kernel.org id S267759AbUJLUnd
	(ORCPT <rfc822;linux-kernel-outgoing>);
	Tue, 12 Oct 2004 16:43:33 -0400
Received: from mx1.redhat.com ([66.187.233.31]:4237 "EHLO mx1.redhat.com")
	by vger.kernel.org with ESMTP id S267776AbUJLUnX (ORCPT
	<rfc822;linux-kernel@vger.kernel.org>);
	Tue, 12 Oct 2004 16:43:23 -0400
From: David Howells <dhowells@redhat.com>
In-Reply-To: <20041012190826.GB31353@kroah.com> 
References: <20041012190826.GB31353@kroah.com>  <30797.1092308768@redhat.com> <20040812111853.GB25950@devserv.devel.redhat.com> <20040812200917.GD2952@kroah.com> <26280.1092388799@redhat.com> <27175.1095936746@redhat.com> <30591.1096451074@redhat.com> <10345.1097507482@redhat.com> <1097507755.318.332.camel@hades.cambridge.redhat.com> <1097534090.16153.7.camel@localhost.localdomain> <1097570159.5788.1089.camel@baythorne.infradead.org> 
To: Greg KH <greg@kroah.com>
Cc: David Woodhouse <dwmw2@infradead.org>,
       "Rusty Russell (IBM)" <rusty@au1.ibm.com>,
       Arjan van de Ven <arjanv@redhat.com>, Joy Latten <latten@us.ibm.com>,
       lkml - Kernel Mailing List <linux-kernel@vger.kernel.org>
Subject: Re: Fw: signed kernel modules? 
User-Agent: EMH/1.14.1 SEMI/1.14.5 (Awara-Onsen) FLIM/1.14.5 (Demachiyanagi) APEL/10.6 Emacs/21.3 (i386-redhat-linux-gnu) MULE/5.0 (SAKAKI)
MIME-Version: 1.0 (generated by SEMI 1.14.5 - "Awara-Onsen")
Content-Type: text/plain; charset=US-ASCII
Date: Tue, 12 Oct 2004 21:43:04 +0100
Message-ID: <4365.1097613784@redhat.com>
Sender: linux-kernel-owner@vger.kernel.org
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 1271
Lines: 32


> I agree.  We have to be able to detect improper header information for
> unsigned modules today, nothing new there.  So by only signing the
> information that the kernel looks at, we should be fine.

Take a look at:

	http://people.redhat.com/~dhowells/modsign/modsign-bits.tar.bz2

I've extracted the module signing and module verification stuff into a
userspace test harness for easier development.

Note that this module verifier will only work on PPC64 (well, it might work on
other big-endian ELF64 archs too) without messing around in the included
header files.

The module signer should work on anything, and should be able sign any sort of
ELF, no matter whether it's the same endianness or wordsize as the host CPU.

I've added an ELF verification function in checksig/module-verify.c that does
a reasonably comprehensive check of the ELF that might cause the kernel to
crash if it loads a module.

Run "make test" to build everything, check the unsigned module, sign the
module and check the signed module.

David
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/