Return-Path: <linux-kernel-owner+willy=40w.ods.org-S267770AbUJOBAm@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S267770AbUJOBAm (ORCPT <rfc822;willy@w.ods.org>);
	Thu, 14 Oct 2004 21:00:42 -0400
Received: (majordomo@vger.kernel.org) by vger.kernel.org id S267661AbUJOBAm
	(ORCPT <rfc822;linux-kernel-outgoing>);
	Thu, 14 Oct 2004 21:00:42 -0400
Received: from ausmtp02.au.ibm.com ([202.81.18.187]:10393 "EHLO
	ausmtp02.au.ibm.com") by vger.kernel.org with ESMTP id S267770AbUJOBAj
	(ORCPT <rfc822;linux-kernel@vger.kernel.org>);
	Thu, 14 Oct 2004 21:00:39 -0400
Subject: Re: Fw: signed kernel modules?
From: "Rusty Russell (IBM)" <rusty@au1.ibm.com>
To: Alan Cox <alan@lxorguk.ukuu.org.uk>
Cc: David Woodhouse <dwmw2@infradead.org>, David Howells <dhowells@redhat.com>,
       rusty@ozlabs.au.ibm.com, Greg KH <greg@kroah.com>,
       Arjan van de Ven <arjanv@redhat.com>, Joy Latten <latten@us.ibm.com>,
       lkml - Kernel Mailing List <linux-kernel@vger.kernel.org>
In-Reply-To: <1097797477.8275.2.camel@localhost.localdomain>
References: <1096544201.8043.816.camel@localhost.localdomain>
	 <1096411448.3230.22.camel@localhost.localdomain>
	 <1092403984.29463.11.camel@bach> <1092369784.25194.225.camel@bach>
	 <20040812092029.GA30255@devserv.devel.redhat.com>
	 <20040811211719.GD21894@kroah.com>
	 <OF4B7132F5.8BE9D947-ON87256EEB.007192D0-86256EEB.00740B23@us.ibm.com>
	 <1092097278.20335.51.camel@bach> <20040810002741.GA7764@kroah.com>
	 <1092189167.22236.67.camel@bach> <19388.1092301990@redhat.com>
	 <30797.1092308768@redhat.com>
	 <20040812111853.GB25950@devserv.devel.redhat.com>
	 <20040812200917.GD2952@kroah.com> <26280.1092388799@redhat.com>
	 <27175.1095936746@redhat.com> <30591.1096451074@redhat.com>
	 <10345.1097507482@redhat.com>
	 <1097507755.318.332.camel@hades.cambridge.redhat.com>
	 <1097534090.16153.7.camel@localhost.localdomain>
	 <1097570159.5788.1089.camel@baythorne.infradead.org>
	 <1097626296.4013.34.camel@localhost.localdomain>
	 <1097664137.4440.5.camel@localhost.localdomain>
	 <1097707239.14303.22.camel@localhost.localdomain>
	 <1097797477.8275.2.camel@localhost.localdomain>
Content-Type: text/plain
Organization: IBM
Message-Id: <1097802027.22673.34.camel@localhost.localdomain>
Mime-Version: 1.0
X-Mailer: Ximian Evolution 1.4.6 
Date: Fri, 15 Oct 2004 11:00:27 +1000
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 1354
Lines: 32

On Fri, 2004-10-15 at 09:44, Alan Cox wrote:
> On Mer, 2004-10-13 at 23:40, Rusty Russell (IBM) wrote:
> > > Whoops bang "num 0 elements". That check set isn't safe standalone
> > 
> > Thanks, Alan.
> > 
> > I'd appreciate your opinion on the issue at hand.  Is it worth 600 lines
> > of ELF verification and canonicalization code so we can strip modules
> > without altering the signature?
> 
> I'm unconvinced at the moment, it seems it would be easier to write the
> neccessary code to do this in userspace, and then sign the canonicalised
> module so that the kernel interface is small and clean.

Well, my original implementation carefully found the signature section,
copied it out and zeroed it, then checked the whole module.  The two
objections David Howells had was (1) stripping the module after build
breaks this, and (2) his scheme uses straight GPG signatures and they
are of variable length: some wrapper would be needed to handle trailing
zeroes in the signature.

The advantage was the simplicity of the scheme: very short path the
module verification, and no canonicalization step.

Rusty.


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/