Received: by 2002:a25:b794:0:0:0:0:0 with SMTP id n20csp7247172ybh; Thu, 8 Aug 2019 12:28:25 -0700 (PDT) X-Google-Smtp-Source: APXvYqw4WrkohA6uTn7Ebi2Pz82eN42lt5XzQ7VGmb+7Gn6d71VyU8TdYfSIrQImjNBcBG7KYzeM X-Received: by 2002:a17:902:7043:: with SMTP id h3mr15816748plt.10.1565292505622; Thu, 08 Aug 2019 12:28:25 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1565292505; cv=none; d=google.com; s=arc-20160816; b=qEWRsBkoKkF+B2ZWNzFW8FkIqBlOluxxz/W+DaWGWfvKrZahV+gbZR+hwnnNseiBDd X3FPmfbNn16i0Uowdk2Ooq5fHQ8OeJjveB2bBh8QIy4c0YLBTUOkG0Mk0U1XZfHBFnbj 5WmJFWvNy0+sU+dwbOdPLoTVtgLtNxVj92kjg9oS9KKySdwHZaQXX20uBl1Anz3vZcdf kw1kLmBbvoI2N8MVkO2ud2A+fWvc5jyQ/4aeaASidrqt7sYTfOd3DyqF+/8N3jjUoPsl X4C6QCRNtZJKZa+zThMoYSVgW6s7N/ogDNFb/KlE082+ZTLlGkd9ARcpnphE7Ue5gFaP vkYQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=3rtv12HMfSH1D6p3ex9Lyt90UEVGyLsKWezm6chHT9A=; b=ke2Kkqsa9oJ00tueDJMgyR4eWCXHyV1Xrg9R6ElU5V4pmbtcNQunQrT1OZ8rqeNT2G cSzxDiPKyJgR/RO+hgSOc129V/HlkBGMJQblhrlYrHCMoAnL4VeixOk5U//uG7uELkHY 40Zoj71R8y2C8erVBHqvNMcP6Q6Zxa+1pDPddsnuqMvusHqFRi1MsykjJ4KTcv7ZYydX cib39v/mtmL6i8oFYqYYeOS3J18RTw8KYxaDFUzs+/PY1voY3VLRIj+7eQGp1VtaNMgL 45fswH/xdoIUhYRTSKfIFDgtzY95wfK/hG1kk4F+2v8d2cL+B6sE2bh81Jq3x+GpdWL1 5XgQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=Fy+mcdgG; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id a6si2567041pjo.91.2019.08.08.12.28.10; Thu, 08 Aug 2019 12:28:25 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=Fy+mcdgG; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730678AbfHHSbX (ORCPT + 99 others); Thu, 8 Aug 2019 14:31:23 -0400 Received: from mail-ot1-f68.google.com ([209.85.210.68]:41447 "EHLO mail-ot1-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2389754AbfHHSbW (ORCPT ); Thu, 8 Aug 2019 14:31:22 -0400 Received: by mail-ot1-f68.google.com with SMTP id o101so122540520ota.8 for ; Thu, 08 Aug 2019 11:31:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=3rtv12HMfSH1D6p3ex9Lyt90UEVGyLsKWezm6chHT9A=; b=Fy+mcdgGF1HsiFc0TDdVGK0VRkPzdwcSw2bdeX0q/LcEmOoX4UWJo261S4sTNtXb8i xi7isPO6UGweXoy8UowH7HGPwaIdB7xKGK0peBhMf4rrcnKG1Pc7k/kuVLmXyJDFXr49 dnV+6E8OeEL1YA9mFq4qj6wtdq11bJU9LN3YqIDVlc1vjCP/DpTxDjQQrGVPHd2JIniS wY3LJsYpctZDt+5lLo0Ir7QMYvtpyseoqGHpW5SCs/+4h0z0ErqYypINRRkHbBacD7it CU73H/EMss8E0ionfShh0Y2KPn+m/5h1xmbinM8zW0JY3avRjiDF0HPBmq7CmqovdNrJ 21TA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=3rtv12HMfSH1D6p3ex9Lyt90UEVGyLsKWezm6chHT9A=; b=ZERrhkM/pJnqFdmHq4UM40Z3L1kQ8wQhYQal8AWTyHw+V6/vFTmi6TYhpwRpmWpYXX O53UcFtGTbZol6a1QJMd8LUbTiQRFUELiZCEo9kDcUyhaBChurLQdweFGxzGiCJ8obm2 JIeiPOmAtbJSBTqetCoTFI4LE6gjDV6/Qq2uRgqzveZSbHsjJe/YeTMOYoW7uY5LS7UE tGpLiuyrD08M9q69bDe60BphhBh881/jmG1VJqlp6H/usPtBtJ2iIq3uL6t/1RkFS1rw tS9D949zEENaXdhfH+IuRWfLVkxNDnkxTXOo+xGk82NyV4IBT0jJE51T2LJ5/eB9RNHx 7WTw== X-Gm-Message-State: APjAAAXOZDE0j8d4HWy52Mg3WZk7H7/IauYW3IEEBJiwbR2tgBTd3cbn S8pgynStQ7fhiWjbliGigjW4/zIzULWPkgS/G1p6u2CWTqU= X-Received: by 2002:a5e:9404:: with SMTP id q4mr2188207ioj.46.1565289080794; Thu, 08 Aug 2019 11:31:20 -0700 (PDT) MIME-Version: 1.0 References: <20190731221617.234725-1-matthewgarrett@google.com> <20190731221617.234725-5-matthewgarrett@google.com> <20190801142157.GA5834@linux-8ccs> <20190808100059.GA30260@linux-8ccs> In-Reply-To: <20190808100059.GA30260@linux-8ccs> From: Matthew Garrett Date: Thu, 8 Aug 2019 11:31:09 -0700 Message-ID: Subject: Re: [PATCH V37 04/29] Enforce module signatures if the kernel is locked down To: Jessica Yu Cc: James Morris , LSM List , Linux Kernel Mailing List , Linux API , David Howells , Kees Cook Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Aug 8, 2019 at 3:01 AM Jessica Yu wrote: > If you're confident that a hard dependency is not the right approach, > then perhaps we could add a comment in the Kconfig (You could take a > look at the comment under MODULE_SIG_ALL in init/Kconfig for an > example)? If someone is configuring the kernel on their own then it'd > be nice to let them know, otherwise having a lockdown kernel without > module signatures would defeat the purpose of lockdown no? :-) James, what would your preference be here? Jessica is right that not having CONFIG_MODULE_SIG enabled means lockdown probably doesn't work as expected, but tying it to the lockdown LSM seems inappropriate when another LSM could be providing lockdown policy and run into the same issue. Should this just be mentioned in the CONFIG_MODULE_SIG Kconfig help?