Re: [RFC v2 7/7] modsig: build rules and scripts to generate keys andsign modules

From: Josh Boyer
Date: Fri Aug 17 2012 - 13:52:24 EST

Next message: KY Srinivasan: "RE: [PATCH V3 08/14] Tools: hv: Gather DNS information"
Previous message: Ben Hutchings: "Re: [PATCH V3 08/14] Tools: hv: Gather DNS information"
In reply to: Josh Boyer: "Re: [RFC v2 7/7] modsig: build rules and scripts to generate keys andsign modules"
Next in thread: Mimi Zohar: "Re: [RFC v2 7/7] modsig: build rules and scripts to generate keysand sign modules"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Aug 17, 2012 at 1:44 PM, Josh Boyer <jwboyer@xxxxxxxxx> wrote:
>> I still think the signed_modules_install script, renamed to something
>> like ephemeral_signed_modules_install, is worthwhile and becomes a
>> convience tool for the developer, wanting to use ephemeral keys. The
>> private key, in Dmitry's updated patches soon to be posted, will be
>> password protected with a random number, that is only accessible to the
>> current shell.
>
> I think the existence of an additional make target for signed modules
> is really confusing. Particularly when you consider the target still
> exists even if the kernel isn't setup to work with signed modules. If
> the config options are set, just have 'make modules_install' do it and
> create a key if one doesn't exist (or better yet, have 'make' do it).
>
> Also... password protecting the key that only responds to the current
> shell really sounds like a show-stopper for this being used by distros.
> There is no way a distro is going to be able to type a password in
> during a kernel build. It completely removes the usability of distros
> that want to use a per-kernel build ephemeral key. If you're going to
> do this, please wrap it in a kconfig option so the second distro case
> I mentio above is still possible.

Here's a suggestion that might help the discussion. In the next
revision of the patch set, include a document in Documentation/ that
covers the module signing design, the purposes it's intended to fit,
and a high level description of the various module loading scenarios
(signed, unsigned, signed with a key not in the keyring, etc). That
way we can at least see at a higher level what the thinking behind the
implemenation is. I think some of our back and forth (while good!) is
because we see signed modules being used for different purposes.

josh
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: KY Srinivasan: "RE: [PATCH V3 08/14] Tools: hv: Gather DNS information"
Previous message: Ben Hutchings: "Re: [PATCH V3 08/14] Tools: hv: Gather DNS information"
In reply to: Josh Boyer: "Re: [RFC v2 7/7] modsig: build rules and scripts to generate keys andsign modules"
Next in thread: Mimi Zohar: "Re: [RFC v2 7/7] modsig: build rules and scripts to generate keysand sign modules"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]