Date: Sat, 21 Oct 2017 03:21:22 +0400 (+04)
From: James Morris
To: David Howells
cc: linux-security-module@vger.kernel.org, gnomes@lxorguk.ukuu.org.uk, linux-efi@vger.kernel.org, matthew.garrett@nebula.com, gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org, jforbes@redhat.com
Subject: Re: [PATCH 03/27] Enforce module signatures if the kernel is locked down
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, 19 Oct 2017, David Howells wrote:

> If the kernel is locked down, require that all modules have valid
> signatures that we can verify.
>
> Signed-off-by: David Howells

Reviewed-by: James Morris

-- 
James Morris