Date: Tue, 15 Feb 2022 21:47:30 +0100
From: Michal Suchánek
To: Mimi Zohar
Cc: Catalin Marinas, Will Deacon, Heiko Carstens, Vasily Gorbik, Alexander Gordeev, Christian Borntraeger, Sven Schnelle, Philipp Rudo, Baoquan He, Alexander Egorenkov, AKASHI Takahiro, James Morse, Dave Young, Kairui Song, Martin Schwidefsky, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, linux-s390@vger.kernel.org, linux-modules@vger.kernel.org, keyrings@vger.kernel.org, linux-security-module@vger.kernel.org, stable@kernel.org, Eric Snowberg
Subject: Re: [PATCH 4/4] module, KEYS: Make use of platform keyring for signature verification
Message-ID: <20220215204730.GQ3113@kunlun.suse.cz>
References: <840433bc93a58d6dfc4d96c34c0c3b158a0e669d.1644953683.git.msuchanek@suse.de> <3e39412657a4b0839bcf38544d591959e89877b8.camel@linux.ibm.com>
In-Reply-To: <3e39412657a4b0839bcf38544d591959e89877b8.camel@linux.ibm.com>
X-Mailing-List: linux-kernel@vger.kernel.org

Hello,

On Tue, Feb 15, 2022 at 03:08:18PM -0500, Mimi Zohar wrote:
> [Cc'ing Eric Snowberg]
>
> Hi Michal,
>
> On Tue, 2022-02-15 at 20:39 +0100, Michal Suchanek wrote:
> > Commit 278311e417be ("kexec, KEYS: Make use of platform keyring for signature verify")
> > adds support for use of platform keyring in kexec verification but
> > support for modules is missing.
> >
> > Add support for verification of modules with keys from platform keyring
> > as well.
>
> Permission for loading the pre-OS keys onto the "platform" keyring and
> using them is limited to verifying the kexec kernel image, nothing
> else.

Why is the platform keyring limited to kexec, and nothing else?

It should either be used for everything or for nothing. You have the
option to compile it in, and then it should be used, and the option to
not compile it in, and then it cannot be used.

There are two basic use cases:

(1) There is a vendor key which is very hard to use, so you sign something
small and simple like shim with the vendor key, and sign your kernel and
modules with your own key that's typically enrolled with shim MOK, and
built into the kernel.

(2) You import your key into the firmware, and possibly disable the
vendor key. You can load the kernel directly without shim, and then your
signing key is typically in the platform keyring and built into the
kernel.

In neither case do I see any reason to use some keyrings for kexec and
other keyrings for modules.

Thanks

Michal