Re: RFC: sign the modules at install time

From: Rusty Russell
Date: Thu Oct 18 2012 - 22:28:26 EST


Josh Boyer <jwboyer@xxxxxxxxx> writes:
> On Thu, Oct 18, 2012 at 2:46 PM, Linus Torvalds
> <torvalds@xxxxxxxxxxxxxxxxxxxx> wrote:
>> On Wed, Oct 17, 2012 at 10:34 PM, Rusty Russell <rusty@xxxxxxxxxxxxxxx> wrote:
>>>
>>> Hacking the keyid and signer-name to be extracted every time by
>>> sign-file takes my modules_install time from 18.6 seconds to 19.1. We'd
>>> get that back easily by making sign-file a perl script anyway; it calls
>>> out to perl 3 times already.
>>
>> Ok, that tiny slowdown seems worth the cleanup, especially if we'd get
>> it back from somebody re-writing it in perl.
>>
>> Want to sign off on the two patches, or put them in your git tree?
>
> I tested Rusty's version of the 'sign modules at module_install time'
> patch in a Fedora kernel build today. It seems to work well enough,
> even if we wind up signing things twice. A brief cleanup of my patch
> to add a modules_sign target on top of that is below.

I'm surprised. Only the first signature (create on the unstripped
module) will be used by the kernel; this should fail to verify the
stripped module. A quick and dirty check is:

grep -abo '~Module' /tmp/mod/lib/modules/3.7.0-rc1+/kernel/sound/pci/snd-intel8x0.ko
39828:~Module
40432:~Module

Perhaps eu-strip actually strips the appended signature?

> It might even be able to be moved entirely into scripts/Makefile.modinst
> but I haven't gotten that far yet.

I'll leave this for the moment.

Cheers,
Rusty.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/