Re: [PATCH 00/23] Crypto keys and module signing

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,

Sorry to jump into this discussion only now, but
linux-modules@xxxxxxxxxxxxxxx was not CC'ed and I was not following
LKML last month.

On Thu, Jun 21, 2012 at 10:53 PM, Greg KH <gregkh@xxxxxxxxxxxxxxxxxxx> wrote:
> On Sun, May 27, 2012 at 03:11:23PM +0930, Rusty Russell wrote:
>> > > > Why would you want multiple signatures?  That just complicates things.
>> > >
>> > > The code above stays pretty simple; if the signature fails, you set size
>> > > to i, and loop again.  As I said, if you know exactly how you're going
>> > > to strip the modules, you can avoid storing the stripped module and
>> > > simply append both signatures.
>> >
>> > You still haven't justified it.  One of your arguments about rejecting the ELF
>> > parsing version was that it was too big for no useful extra value that I could
>> > justify.  Supporting multiple signatures adds extra size and complexity for no
>> > obvious value.
>>
>> One loop is a lot easier to justify that the ELF-parsing mess.  And it
>> can be done in a backwards compatible way tomorrow: old kernels will
>> only check the last signature.
>>
>> I had assumed you'd rather maintain a stable strip util which you can
>> use on kernel modules than rework your module builds.  I guess not.
>
> To dig an old thread up, but what really is wrong with the original ELF
> section stuff?  Why encode "magic" values on the end of the kernel
> module that then require all userspace tools to be modified in order to
> properly handle this?
>
> When I first did this so many many years ago an elf section made it so
> easy to handle.  Userspace didn't need to be modified, and everyone
> knows how to handle elf sections, even the kernel does :)

Indeed. What's wrong with creating an ELF section for this and let
kernel deal with it? I fail to see the need for init_module2()

I need to catch up with this discussion though since I was not aware of that.


Lucas De Marchi

>
> And I think we really want the ability to have multiple signatures, the
> whole "chain of trust" thing that is needed will work out much better if
> multiple signatures are allowed.  Putting it in an elf section allows
> this to work out easier, right?
>
> confused,

me too.


Lucas De Marchi
--
To unsubscribe from this list: send the line "unsubscribe linux-modules" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html


[Index of Archives]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [Big List of Linux Books]

  Powered by Linux