summaryrefslogtreecommitdiffstats
path: root/init
diff options
context:
space:
mode:
authorDavid Howells <dhowells@redhat.com>2012-09-26 10:11:03 +0100
committerRusty Russell <rusty@rustcorp.com.au>2012-10-10 20:06:10 +1030
commit48ba2462ace6072741fd8d0058207d630ce93bf1 (patch)
tree3cea7661a3bd5d03631e01171c19f2123346cf01 /init
parent631cc66eb9eaa7296e303197ff1eb0f55e32b61d (diff)
downloadlinux-stable-48ba2462ace6072741fd8d0058207d630ce93bf1.tar.gz
linux-stable-48ba2462ace6072741fd8d0058207d630ce93bf1.tar.bz2
linux-stable-48ba2462ace6072741fd8d0058207d630ce93bf1.zip
MODSIGN: Implement module signature checking
Check the signature on the module against the keys compiled into the kernel or available in a hardware key store. Currently, only RSA keys are supported - though that's easy enough to change, and the signature is expected to contain raw components (so not a PGP or PKCS#7 formatted blob). The signature blob is expected to consist of the following pieces in order: (1) The binary identifier for the key. This is expected to match the SubjectKeyIdentifier from an X.509 certificate. Only X.509 type identifiers are currently supported. (2) The signature data, consisting of a series of MPIs in which each is in the format of a 2-byte BE word sizes followed by the content data. (3) A 12 byte information block of the form: struct module_signature { enum pkey_algo algo : 8; enum pkey_hash_algo hash : 8; enum pkey_id_type id_type : 8; u8 __pad; __be32 id_length; __be32 sig_length; }; The three enums are defined in crypto/public_key.h. 'algo' contains the public-key algorithm identifier (0->DSA, 1->RSA). 'hash' contains the digest algorithm identifier (0->MD4, 1->MD5, 2->SHA1, etc.). 'id_type' contains the public-key identifier type (0->PGP, 1->X.509). '__pad' should be 0. 'id_length' should contain in the binary identifier length in BE form. 'sig_length' should contain in the signature data length in BE form. The lengths are in BE order rather than CPU order to make dealing with cross-compilation easier. Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> (minor Kconfig fix)
Diffstat (limited to 'init')
-rw-r--r--init/Kconfig8
1 files changed, 8 insertions, 0 deletions
diff --git a/init/Kconfig b/init/Kconfig
index 00d45799dee1..abc6e63f2fb8 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -1588,6 +1588,14 @@ config MODULE_SRCVERSION_ALL
config MODULE_SIG
bool "Module signature verification"
depends on MODULES
+ select KEYS
+ select CRYPTO
+ select ASYMMETRIC_KEY_TYPE
+ select ASYMMETRIC_PUBLIC_KEY_SUBTYPE
+ select PUBLIC_KEY_ALGO_RSA
+ select ASN1
+ select OID_REGISTRY
+ select X509_CERTIFICATE_PARSER
help
Check modules for valid signatures upon load: the signature
is simply appended to the module. For more information see