Documentation/admin-guide/module-signing.rst: Does the function of adding a key to ‘Builtin_trusted_key’ work?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Recently, I am learning how to use module signature.
But I got 'Permission denied' when I trying to add a 
public key to the 'builtin_trusted_keys' keyring.

root@:~# cat /proc/keys
3471e123 I------     1 perm 1f030000     0     0 asymmetri Build time autogenerated kernel key: xxxx: X509.rsa xxxx []
37e8db03 I------     1 perm 1f0b0000     0     0 keyring   .builtin_trusted_keys: 1
root@:~# keyctl padd asymmetric "" 0x37e8db03  < ./signing_key_test_sign.x509
add_key: Permission denied

The reason is the 'builtin_trusted_keys'  keyring's perm was set 
'1f0b0000' by below operate when kernel starting. 

builtin_trusted_keys =
                keyring_alloc(".builtin_trusted_keys",
                              KUIDT_INIT(0), KGIDT_INIT(0), current_cred(),
                              ((KEY_POS_ALL & ~KEY_POS_SETATTR) | 
                              KEY_USR_VIEW | KEY_USR_READ | KEY_USR_SEARCH),
                              KEY_ALLOC_NOT_IN_QUOTA,
                              NULL, NULL);

And,  'add_key' interface pass the KEY_NEED_WRITE
perm to lookup_user_key. 
So -EACCES returned in key_task_permission check.

Is there something wrong in  module-signing.rst ?
Or I missed some information about it.

Best wishes
Chunxin
[Index of Archives]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Linux FS]     [Yosemite Forum]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]     [Linux Resources]

  Powered by Linux