X-Mailing-List: linux-kernel@vger.kernel.org
In-Reply-To: <202405181346.901048F98@keescook>
References: <20240514224839.2526112-1-swboyd@chromium.org> <202405181346.901048F98@keescook>
From: Stephen Boyd
User-Agent: alot/0.10
Date: Tue, 21 May 2024 00:14:08 -0400
Message-ID:
Subject: Re: [PATCH] loadpin: Prevent SECURITY_LOADPIN_ENFORCE=y without module decompression
To: Kees Cook
Cc: Paul Moore, James Morris, "Serge E . Hallyn", linux-kernel@vger.kernel.org, patches@lists.linux.dev, linux-security-module@vger.kernel.org, Dmitry Torokhov, Douglas Anderson
Content-Type: text/plain; charset="UTF-8"

Quoting Kees Cook (2024-05-18 13:47:14)
> On Tue, May 14, 2024 at 03:48:38PM -0700, Stephen Boyd wrote:
> > If modules are built compressed, and LoadPin is enforcing by default, we
> > must have in-kernel module decompression enabled (MODULE_DECOMPRESS).
> > Modules will fail to load without decompression built into the kernel
> > because they'll be blocked by LoadPin. Add a depends on clause to
> > prevent this combination.
> >
> > Cc: Dmitry Torokhov
> > Cc: Douglas Anderson
> > Signed-off-by: Stephen Boyd
> > ---
> >  security/loadpin/Kconfig | 3 +++
> >  1 file changed, 3 insertions(+)
> >
> > diff --git a/security/loadpin/Kconfig b/security/loadpin/Kconfig
> > index 6724eaba3d36..8c22171088a7 100644
> > --- a/security/loadpin/Kconfig
> > +++ b/security/loadpin/Kconfig
> > @@ -14,6 +14,9 @@ config SECURITY_LOADPIN
> >  config SECURITY_LOADPIN_ENFORCE
> >  	bool "Enforce LoadPin at boot"
> >  	depends on SECURITY_LOADPIN
> > +	# Module compression breaks LoadPin unless modules are decompressed in
> > +	# the kernel.
> > +	depends on MODULE_COMPRESS_NONE || MODULE_DECOMPRESS
> >  	help
> >  	  If selected, LoadPin will enforce pinning at boot. If not
> >  	  selected, it can be enabled at boot with the kernel parameter
> >
>
> I've folded this change in, since loadpin also works in non-module
> situations:

Thanks for fixing my thinko.
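Review bot: the added "depends on MODULE_COMPRESS_NONE || MODULE_DECOMPRESS" line in the SECURITY_LOADPIN_ENFORCE hunk also makes the option unselectable when CONFIG_MODULES is disabled, because both of those symbols are defined under the MODULES section of kernel/module/Kconfig and are n in a kernel built without module support, yet LoadPin enforcement is still meaningful there, which is the "non-module situations" point raised in the reply. Guard the new dependency so it only applies when modules can be built at all, for example "depends on !MODULES || MODULE_COMPRESS_NONE || MODULE_DECOMPRESS". The comment above the line would also be clearer if it stated the mechanism the commit message implies: with compression enabled and no in-kernel decompression, LoadPin has nothing it can verify for the module load and rejects it.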