From: "Indan Zupancic"
To: "David Howells"
Cc: "Linus Torvalds", akpm@linux-foundation.org, herbert.xu@redhat.com, linux-kernel@vger.kernel.org, davej@redhat.com, arjan@infradead.org, linux-crypto@vger.kernel.org
Date: Thu, 15 Feb 2007 22:31:52 +0100 (CET)
Subject: Re: [PATCH 0/6] MODSIGN: Kernel module signing
Message-ID: <1715.81.207.0.53.1171575112.squirrel@secure.samage.net>
In-Reply-To: <7291.1171482057@redhat.com>
References: <20070214190938.6438.15091.stgit@warthog.cambridge.redhat.com> <7291.1171482057@redhat.com>

Hello,

On Wed, February 14, 2007 20:40, David Howells wrote:
> Linus Torvalds wrote:
>
>> > (1) A cut-down MPI library derived from GPG with error handling added.
>>
>> Do we really need to add this?
>
> I presume you mean the MPI library specifically? If so, then yes. It's
> necessary to do DSA signature verification (or RSA for that matter).
>
>> Wouldn't it be much nicer to just teach people to use one of the existing
>> signature things that we need for _other_ cases anyway, and already have
>> merged?
>
> Existing signature things? I know not of such beasts, nor can I see them
> offhand.
The question is whether using DSA/RSA is the right choice for something like this. I think that the symmetrically encrypted hash output as signature would provide the same amount of security. The only additional requirement is that the key can't be read by userspace. But if they can reach the kernel binary, they can modify it too. Same for the bootloader, where you'd want the key and initial checking anyway. Else this whole thing could be done in user space, as Roman Zippel said...

The ELF section stuff seems like unnecessary bloat too. Can't you use/extend modinfo, or kernel symbols?

With the above changes the code should shrink to only a few hundred new lines of code, instead of thousands, and signature checking will be much faster too.

Greetings,

Indan
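The trade-off behind the proposal in the mail above, as an added example that is not part of the original message or of the MODSIGN patch set: a keyed hash (HMAC-SHA256 here) versus a public-key signature (RSA-PSS here; the patch set itself uses DSA) over a constructed stand-in for a module image. With the keyed hash, the routine that verifies a module needs the same secret as the one that signed it, so whatever holds the verify key can re-tag a modified module, which is why the mail requires that userspace cannot read it. With the public-key scheme the verifier holds only the public key. The sample image, key sizes and function names are assumptions of this example.

```go
package main

import (
	"crypto"
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Constructed stand-in for a module image; not a real .ko file.
var moduleImage = []byte("\x7fELF constructed module image: init_module() { ... }")

// Symmetric scheme, as proposed in the mail: the "signature" is a keyed hash
// of the module under a key that both the signer and the kernel must hold.
func macSign(key, module []byte) []byte {
	h := hmac.New(sha256.New, key)
	h.Write(module)
	return h.Sum(nil)
}

func macVerify(key, module, tag []byte) bool {
	return hmac.Equal(macSign(key, module), tag)
}

// Asymmetric scheme: the kernel holds only the public key, so it can verify
// but cannot produce signatures. RSA-PSS over SHA-256 is an assumption here.
func rsaSign(priv *rsa.PrivateKey, module []byte) ([]byte, error) {
	digest := sha256.Sum256(module)
	return rsa.SignPSS(rand.Reader, priv, crypto.SHA256, digest[:], nil)
}

func rsaVerify(pub *rsa.PublicKey, module, sig []byte) bool {
	digest := sha256.Sum256(module)
	return rsa.VerifyPSS(pub, crypto.SHA256, digest[:], sig, nil) == nil
}

// tamper flips one byte in the image, simulating a modified module.
func tamper(module []byte) []byte {
	out := append([]byte(nil), module...)
	out[len(out)/2] ^= 0xff
	return out
}

// Outcome records what each scheme accepts.
type Outcome struct {
	MACGenuineOK      bool // genuine image passes the keyed-hash check
	MACTamperedOK     bool // tampered image with the old tag (should be false)
	MACVerifierForged bool // tampered image re-tagged with the verify key
	RSAGenuineOK      bool // genuine image passes the public-key check
	RSATamperedOK     bool // tampered image with the old signature (should be false)
}

// RunScenario signs and verifies the constructed image under both schemes.
func RunScenario() (Outcome, error) {
	var o Outcome

	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return o, err
	}
	tag := macSign(key, moduleImage)
	bad := tamper(moduleImage)
	o.MACGenuineOK = macVerify(key, moduleImage, tag)
	o.MACTamperedOK = macVerify(key, bad, tag)
	// The kernel's verify routine needs `key`; anything that can read it
	// (or the kernel image holding it) can mint a fresh tag for `bad`.
	o.MACVerifierForged = macVerify(key, bad, macSign(key, bad))

	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return o, err
	}
	sig, err := rsaSign(priv, moduleImage)
	if err != nil {
		return o, err
	}
	// Only &priv.PublicKey is needed here; the private half never has to
	// exist on the verifying system.
	o.RSAGenuineOK = rsaVerify(&priv.PublicKey, moduleImage, sig)
	o.RSATamperedOK = rsaVerify(&priv.PublicKey, bad, sig)
	return o, nil
}

func main() {
	o, err := RunScenario()
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", o)
}
```

Both schemes reject the tampered image against the original tag or signature; the difference is only in what the verifying side must keep secret, which is the point the mail turns on.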