On 2025-01-23 00:28:40+0100, kpcyrd wrote:
> Thanks for reaching out, also your work on this is much appreciated and
> followed with great interest. <3
>
> On 1/20/25 6:44 PM, Thomas Weißschuh wrote:
> > diff --git a/kernel/module/main.c b/kernel/module/main.c
> > index effe1db02973d4f60ff6cbc0d3b5241a3576fa3e..094ace81d795711b56d12a2abc75ea35449c8300 100644
> > --- a/kernel/module/main.c
> > +++ b/kernel/module/main.c
> > @@ -3218,6 +3218,12 @@ static int module_integrity_check(struct load_info *info, int flags)
> > {
> > int err = 0;
> > + if (IS_ENABLED(CONFIG_MODULE_HASHES)) {
> > + err = module_hash_check(info, flags);
> > + if (!err)
> > + return 0;
> > + }
> > +
> > if (IS_ENABLED(CONFIG_MODULE_SIG))
> > err = module_sig_check(info, flags);
>
> From how I'm reading this (please let me know if I'm wrong):
<snip>
This is how it is intended, thanks for checking.
> This all seems reasonable to me, maybe the check for
> is_module_sig_enforced() could be moved from kernel/module/signing.c to
> kernel/module/main.c, otherwise `sig_enforce=1` would not have any effect
> for a `CONFIG_MODULE_HASHES && !CONFIG_MODULE_SIG` kernel.
Moving the check would complicate the logic and shouldn't make a
difference. In signing.c it ensures that a validation failure is
propagated. However that is the default behaviour in hashes.c.
Thomas
