Switch to using modsign-post-KS upstream with x509 certs
This commit is contained in:
parent
7e6e483520
commit
f0f4ff23f1
10
genkey
10
genkey
@ -1,10 +0,0 @@
|
|||||||
%pubring modsign.pub
|
|
||||||
%secring modsign.sec
|
|
||||||
%no-protection: yes
|
|
||||||
%transient-key: yes
|
|
||||||
Key-Type: RSA
|
|
||||||
Key-Length: 2048
|
|
||||||
Name-Real: Fedora Project
|
|
||||||
Name-Comment: Kernel Module GPG key
|
|
||||||
%commit
|
|
||||||
|
|
76
kernel.spec
76
kernel.spec
@ -62,7 +62,7 @@ Summary: The Linux kernel
|
|||||||
# For non-released -rc kernels, this will be appended after the rcX and
|
# For non-released -rc kernels, this will be appended after the rcX and
|
||||||
# gitX tags, so a 3 here would become part of release "0.rcX.gitX.3"
|
# gitX tags, so a 3 here would become part of release "0.rcX.gitX.3"
|
||||||
#
|
#
|
||||||
%global baserelease 3
|
%global baserelease 4
|
||||||
%global fedora_build %{baserelease}
|
%global fedora_build %{baserelease}
|
||||||
|
|
||||||
# base_sublevel is the kernel version we're starting with and patching
|
# base_sublevel is the kernel version we're starting with and patching
|
||||||
@ -551,19 +551,20 @@ BuildRequires: rpm-build >= 4.9.0-1, elfutils >= elfutils-0.153-1
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%if %{signmodules}
|
%if %{signmodules}
|
||||||
BuildRequires: gnupg
|
BuildRequires: openssl
|
||||||
BuildRequires: pesign >= 0.10-4
|
BuildRequires: pesign >= 0.10-4
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
Source0: ftp://ftp.kernel.org/pub/linux/kernel/v3.0/linux-%{kversion}.tar.xz
|
Source0: ftp://ftp.kernel.org/pub/linux/kernel/v3.0/linux-%{kversion}.tar.xz
|
||||||
|
|
||||||
%if %{signmodules}
|
%if %{signmodules}
|
||||||
Source11: genkey
|
Source11: x509.genkey
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
Source15: merge.pl
|
Source15: merge.pl
|
||||||
Source16: mod-extra.list
|
Source16: mod-extra.list
|
||||||
Source17: mod-extra.sh
|
Source17: mod-extra.sh
|
||||||
|
Source18: mod-extra-sign.sh
|
||||||
|
|
||||||
Source19: Makefile.release
|
Source19: Makefile.release
|
||||||
Source20: Makefile.config
|
Source20: Makefile.config
|
||||||
@ -680,10 +681,10 @@ Patch700: linux-2.6-e1000-ich9-montevina.patch
|
|||||||
Patch800: linux-2.6-crash-driver.patch
|
Patch800: linux-2.6-crash-driver.patch
|
||||||
|
|
||||||
# crypto/
|
# crypto/
|
||||||
Patch900: modsign-20120816.patch
|
Patch900: modsign-post-KS-jwb.patch
|
||||||
|
|
||||||
# secure boot
|
# secure boot
|
||||||
Patch1000: secure-boot-20120809.patch
|
Patch1000: secure-boot-20120924.patch
|
||||||
|
|
||||||
# Improve PCI support on UEFI
|
# Improve PCI support on UEFI
|
||||||
Patch1100: handle-efi-roms.patch
|
Patch1100: handle-efi-roms.patch
|
||||||
@ -1393,10 +1394,10 @@ ApplyPatch linux-2.6-crash-driver.patch
|
|||||||
ApplyPatch linux-2.6-e1000-ich9-montevina.patch
|
ApplyPatch linux-2.6-e1000-ich9-montevina.patch
|
||||||
|
|
||||||
# crypto/
|
# crypto/
|
||||||
ApplyPatch modsign-20120816.patch
|
ApplyPatch modsign-post-KS-jwb.patch
|
||||||
|
|
||||||
# secure boot
|
# secure boot
|
||||||
ApplyPatch secure-boot-20120809.patch
|
ApplyPatch secure-boot-20120924.patch
|
||||||
|
|
||||||
# Improved PCI support for UEFI
|
# Improved PCI support for UEFI
|
||||||
ApplyPatch handle-efi-roms.patch
|
ApplyPatch handle-efi-roms.patch
|
||||||
@ -1623,13 +1624,6 @@ BuildKernel() {
|
|||||||
# we'll get it from the linux-firmware package and we don't want conflicts
|
# we'll get it from the linux-firmware package and we don't want conflicts
|
||||||
make -s ARCH=$Arch INSTALL_MOD_PATH=$RPM_BUILD_ROOT modules_install KERNELRELEASE=$KernelVer mod-fw=
|
make -s ARCH=$Arch INSTALL_MOD_PATH=$RPM_BUILD_ROOT modules_install KERNELRELEASE=$KernelVer mod-fw=
|
||||||
|
|
||||||
%if %{signmodules}
|
|
||||||
if [ -z "$(readelf -n $(find fs/ -name \*.ko | head -n 1) | grep module.sig)" ]; then
|
|
||||||
echo "ERROR: modules are NOT signed" >&2;
|
|
||||||
exit 1;
|
|
||||||
fi
|
|
||||||
%endif
|
|
||||||
|
|
||||||
%ifarch %{vdso_arches}
|
%ifarch %{vdso_arches}
|
||||||
make -s ARCH=$Arch INSTALL_MOD_PATH=$RPM_BUILD_ROOT vdso_install KERNELRELEASE=$KernelVer
|
make -s ARCH=$Arch INSTALL_MOD_PATH=$RPM_BUILD_ROOT vdso_install KERNELRELEASE=$KernelVer
|
||||||
if [ ! -s ldconfig-kernel.conf ]; then
|
if [ ! -s ldconfig-kernel.conf ]; then
|
||||||
@ -1753,6 +1747,12 @@ BuildKernel() {
|
|||||||
# Call the modules-extra script to move things around
|
# Call the modules-extra script to move things around
|
||||||
%{SOURCE17} $RPM_BUILD_ROOT/lib/modules/$KernelVer %{SOURCE16}
|
%{SOURCE17} $RPM_BUILD_ROOT/lib/modules/$KernelVer %{SOURCE16}
|
||||||
|
|
||||||
|
%if %{signmodules}
|
||||||
|
# Save off the .tmp_versions/ directory. We'll use it in the
|
||||||
|
# __debug_install_post macro below to sign the right things
|
||||||
|
cp -r .tmp_versions .tmp_versions.sign${Flavour:+.${Flavour}}
|
||||||
|
%endif
|
||||||
|
|
||||||
# remove files that will be auto generated by depmod at rpm -i time
|
# remove files that will be auto generated by depmod at rpm -i time
|
||||||
for i in alias alias.bin builtin.bin ccwmap dep dep.bin ieee1394map inputmap isapnpmap ofmap pcimap seriomap symbols symbols.bin usbmap devname softdep
|
for i in alias alias.bin builtin.bin ccwmap dep dep.bin ieee1394map inputmap isapnpmap ofmap pcimap seriomap symbols symbols.bin usbmap devname softdep
|
||||||
do
|
do
|
||||||
@ -1875,9 +1875,56 @@ find Documentation -type d | xargs chmod u+w
|
|||||||
# This macro is used by %%install, so we must redefine it before that.
|
# This macro is used by %%install, so we must redefine it before that.
|
||||||
%define debug_package %{nil}
|
%define debug_package %{nil}
|
||||||
|
|
||||||
|
# In the modsign case, we do 3 things. 1) We check the "flavour" and hard
|
||||||
|
# code the value in the following invocations. This is somewhat sub-optimal
|
||||||
|
# but we're doing this inside of an RPM macro and it isn't as easy as it
|
||||||
|
# could be because of that. 2) We restore the .tmp_versions/ directory from
|
||||||
|
# the one we saved off in BuildKernel above. This is to make sure we're
|
||||||
|
# signing the modules we actually built/installed in that flavour. 3) We
|
||||||
|
# grab the arch and invoke 'make modules_sign' and the mod-extra-sign.sh
|
||||||
|
# commands to actually sign the modules.
|
||||||
|
#
|
||||||
|
# We have to do all of those things _after_ find-debuginfo runs, otherwise
|
||||||
|
# that will strip the signature off of the modules.
|
||||||
|
|
||||||
%if %{with_debuginfo}
|
%if %{with_debuginfo}
|
||||||
%define __debug_install_post \
|
%define __debug_install_post \
|
||||||
/usr/lib/rpm/find-debuginfo.sh %{debuginfo_args} %{_builddir}/%{?buildsubdir}\
|
/usr/lib/rpm/find-debuginfo.sh %{debuginfo_args} %{_builddir}/%{?buildsubdir}\
|
||||||
|
if [ "%{signmodules}" == "1" ]; \
|
||||||
|
then \
|
||||||
|
if [ "%{with_pae}" != "0" ]; \
|
||||||
|
then \
|
||||||
|
Arch=`head -1 configs/kernel-%{version}-%{_target_cpu}-PAE.config | cut -b 3-` \
|
||||||
|
rm -rf .tmp_versions \
|
||||||
|
mv .tmp_versions.sign.PAE .tmp_versions \
|
||||||
|
make -s ARCH=$Arch V=1 INSTALL_MOD_PATH=$RPM_BUILD_ROOT modules_sign KERNELRELEASE=%{KVERREL}.PAE \
|
||||||
|
%{SOURCE18} $RPM_BUILD_ROOT/lib/modules/%{KVERREL}.PAE/extra/ \
|
||||||
|
fi \
|
||||||
|
if [ "%{with_debug}" != "0" ]; \
|
||||||
|
then \
|
||||||
|
Arch=`head -1 configs/kernel-%{version}-%{_target_cpu}-debug.config | cut -b 3-` \
|
||||||
|
rm -rf .tmp_versions \
|
||||||
|
mv .tmp_versions.sign.debug .tmp_versions \
|
||||||
|
make -s ARCH=$Arch V=1 INSTALL_MOD_PATH=$RPM_BUILD_ROOT modules_sign KERNELRELEASE=%{KVERREL}.debug \
|
||||||
|
%{SOURCE18} $RPM_BUILD_ROOT/lib/modules/%{KVERREL}.debug/extra/ \
|
||||||
|
fi \
|
||||||
|
if [ "%{with_pae_debug}" != "0" ]; \
|
||||||
|
then \
|
||||||
|
Arch=`head -1 configs/kernel-%{version}-%{_target_cpu}-PAEdebug.config | cut -b 3-` \
|
||||||
|
rm -rf .tmp_versions \
|
||||||
|
mv .tmp_versions.sign.PAEdebug .tmp_versions \
|
||||||
|
make -s ARCH=$Arch V=1 INSTALL_MOD_PATH=$RPM_BUILD_ROOT modules_sign KERNELRELEASE=%{KVERREL}.PAEdebug \
|
||||||
|
%{SOURCE18} $RPM_BUILD_ROOT/lib/modules/%{KVERREL}.PAEdebug/extra/ \
|
||||||
|
fi \
|
||||||
|
if [ "%{with_up}" != "0" ]; \
|
||||||
|
then \
|
||||||
|
Arch=`head -1 configs/kernel-%{version}-%{_target_cpu}.config | cut -b 3-` \
|
||||||
|
rm -rf .tmp_versions \
|
||||||
|
mv .tmp_versions.sign .tmp_versions \
|
||||||
|
make -s ARCH=$Arch V=1 INSTALL_MOD_PATH=$RPM_BUILD_ROOT modules_sign KERNELRELEASE=%{KVERREL} \
|
||||||
|
%{SOURCE18} $RPM_BUILD_ROOT/lib/modules/%{KVERREL}/extra/ \
|
||||||
|
fi \
|
||||||
|
fi \
|
||||||
%{nil}
|
%{nil}
|
||||||
|
|
||||||
%ifnarch noarch
|
%ifnarch noarch
|
||||||
@ -2263,6 +2310,7 @@ fi
|
|||||||
* Tue Sep 25 2012 Josh Boyer <jwboyer@redhat.com>
|
* Tue Sep 25 2012 Josh Boyer <jwboyer@redhat.com>
|
||||||
- Move the modules-extra processing to a script
|
- Move the modules-extra processing to a script
|
||||||
- Prep mod-extra.sh for signed modules
|
- Prep mod-extra.sh for signed modules
|
||||||
|
- Switch to using modsign-post-KS upstream with x509 certs
|
||||||
|
|
||||||
* Tue Sep 25 2012 Josh Boyer <jwboyer@redhat.com> - 3.6.0-0.rc7.git1.2
|
* Tue Sep 25 2012 Josh Boyer <jwboyer@redhat.com> - 3.6.0-0.rc7.git1.2
|
||||||
- Update team driver from net-next from Jiri Pirko
|
- Update team driver from net-next from Jiri Pirko
|
||||||
|
28
mod-extra-sign.sh
Executable file
28
mod-extra-sign.sh
Executable file
@ -0,0 +1,28 @@
|
|||||||
|
#! /bin/bash
|
||||||
|
|
||||||
|
# We need to sign modules we've moved from <path>/kernel/ to <path>/extra/
|
||||||
|
# during mod-extra processing by hand. The 'modules_sign' Kbuild target can
|
||||||
|
# "handle" out-of-tree modules, but it does that by not signing them. Plus,
|
||||||
|
# the modules we've moved aren't actually out-of-tree. We've just shifted
|
||||||
|
# them to a different location behind Kbuild's back because we are mean.
|
||||||
|
|
||||||
|
# This essentially duplicates the 'modules_sign' Kbuild target and runs the
|
||||||
|
# same commands for those modules.
|
||||||
|
|
||||||
|
moddir=$1
|
||||||
|
|
||||||
|
modules=`find $moddir -name *.ko`
|
||||||
|
|
||||||
|
MODSECKEY="./signing_key.priv"
|
||||||
|
MODPUBKEY="./signing_key.x509"
|
||||||
|
|
||||||
|
for mod in $modules
|
||||||
|
do
|
||||||
|
dir=`dirname $mod`
|
||||||
|
file=`basename $mod`
|
||||||
|
|
||||||
|
sh ./scripts/sign-file ${MODSECKEY} ${MODPUBKEY} ${dir}/${file} \
|
||||||
|
${dir}/${file}.signed
|
||||||
|
mv ${dir}/${file}.signed ${dir}/${file}
|
||||||
|
rm -f ${dir}/${file}.{sig,dig}
|
||||||
|
done
|
10434
modsign-20120816.patch
10434
modsign-20120816.patch
File diff suppressed because it is too large
Load Diff
9153
modsign-post-KS-jwb.patch
Normal file
9153
modsign-post-KS-jwb.patch
Normal file
File diff suppressed because it is too large
Load Diff
@ -1,7 +1,7 @@
|
|||||||
From 617309bdd75bbce794ae2d41d44e7b76fb8c6d8b Mon Sep 17 00:00:00 2001
|
From 57c0dbcbafaa724313c672830ff0087f56a84c47 Mon Sep 17 00:00:00 2001
|
||||||
From: Matthew Garrett <mjg@redhat.com>
|
From: Matthew Garrett <mjg@redhat.com>
|
||||||
Date: Thu, 8 Mar 2012 09:56:33 -0500
|
Date: Thu, 20 Sep 2012 10:40:56 -0400
|
||||||
Subject: [PATCH 01/13] Secure boot: Add new capability
|
Subject: [PATCH 01/14] Secure boot: Add new capability
|
||||||
|
|
||||||
Secure boot adds certain policy requirements, including that root must not
|
Secure boot adds certain policy requirements, including that root must not
|
||||||
be able to do anything that could cause the kernel to execute arbitrary code.
|
be able to do anything that could cause the kernel to execute arbitrary code.
|
||||||
@ -15,7 +15,7 @@ Signed-off-by: Matthew Garrett <mjg@redhat.com>
|
|||||||
1 file changed, 5 insertions(+), 1 deletion(-)
|
1 file changed, 5 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
diff --git a/include/linux/capability.h b/include/linux/capability.h
|
diff --git a/include/linux/capability.h b/include/linux/capability.h
|
||||||
index d10b7ed..6a39163 100644
|
index d10b7ed..4345bc8 100644
|
||||||
--- a/include/linux/capability.h
|
--- a/include/linux/capability.h
|
||||||
+++ b/include/linux/capability.h
|
+++ b/include/linux/capability.h
|
||||||
@@ -364,7 +364,11 @@ struct cpu_vfs_cap_data {
|
@@ -364,7 +364,11 @@ struct cpu_vfs_cap_data {
|
||||||
@ -23,22 +23,22 @@ index d10b7ed..6a39163 100644
|
|||||||
#define CAP_BLOCK_SUSPEND 36
|
#define CAP_BLOCK_SUSPEND 36
|
||||||
|
|
||||||
-#define CAP_LAST_CAP CAP_BLOCK_SUSPEND
|
-#define CAP_LAST_CAP CAP_BLOCK_SUSPEND
|
||||||
+/* Allow things that are dangerous under secure boot */
|
+/* Allow things that trivially permit root to modify the running kernel */
|
||||||
+
|
+
|
||||||
+#define CAP_SECURE_FIRMWARE 37
|
+#define CAP_COMPROMISE_KERNEL 37
|
||||||
+
|
+
|
||||||
+#define CAP_LAST_CAP CAP_SECURE_FIRMWARE
|
+#define CAP_LAST_CAP CAP_COMPROMISE_KERNEL
|
||||||
|
|
||||||
#define cap_valid(x) ((x) >= 0 && (x) <= CAP_LAST_CAP)
|
#define cap_valid(x) ((x) >= 0 && (x) <= CAP_LAST_CAP)
|
||||||
|
|
||||||
--
|
--
|
||||||
1.7.11.2
|
1.7.11.4
|
||||||
|
|
||||||
|
|
||||||
From ac892cb2320872717005736c8ef88208c12e61ee Mon Sep 17 00:00:00 2001
|
From 95fd8148be46036e20fc64c480104d2a2b454e27 Mon Sep 17 00:00:00 2001
|
||||||
From: Matthew Garrett <mjg@redhat.com>
|
From: Matthew Garrett <mjg@redhat.com>
|
||||||
Date: Thu, 8 Mar 2012 10:10:38 -0500
|
Date: Thu, 20 Sep 2012 10:40:57 -0400
|
||||||
Subject: [PATCH 02/13] PCI: Lock down BAR access in secure boot environments
|
Subject: [PATCH 02/14] PCI: Lock down BAR access in secure boot environments
|
||||||
|
|
||||||
Any hardware that can potentially generate DMA has to be locked down from
|
Any hardware that can potentially generate DMA has to be locked down from
|
||||||
userspace in order to avoid it being possible for an attacker to cause
|
userspace in order to avoid it being possible for an attacker to cause
|
||||||
@ -53,14 +53,14 @@ Signed-off-by: Matthew Garrett <mjg@redhat.com>
|
|||||||
3 files changed, 17 insertions(+), 2 deletions(-)
|
3 files changed, 17 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
diff --git a/drivers/pci/pci-sysfs.c b/drivers/pci/pci-sysfs.c
|
diff --git a/drivers/pci/pci-sysfs.c b/drivers/pci/pci-sysfs.c
|
||||||
index 6869009..a1ad0f7 100644
|
index 6869009..c03fb85 100644
|
||||||
--- a/drivers/pci/pci-sysfs.c
|
--- a/drivers/pci/pci-sysfs.c
|
||||||
+++ b/drivers/pci/pci-sysfs.c
|
+++ b/drivers/pci/pci-sysfs.c
|
||||||
@@ -542,6 +542,9 @@ pci_write_config(struct file* filp, struct kobject *kobj,
|
@@ -542,6 +542,9 @@ pci_write_config(struct file* filp, struct kobject *kobj,
|
||||||
loff_t init_off = off;
|
loff_t init_off = off;
|
||||||
u8 *data = (u8*) buf;
|
u8 *data = (u8*) buf;
|
||||||
|
|
||||||
+ if (!capable(CAP_SECURE_FIRMWARE))
|
+ if (!capable(CAP_COMPROMISE_KERNEL))
|
||||||
+ return -EPERM;
|
+ return -EPERM;
|
||||||
+
|
+
|
||||||
if (off > dev->cfg_size)
|
if (off > dev->cfg_size)
|
||||||
@ -70,7 +70,7 @@ index 6869009..a1ad0f7 100644
|
|||||||
resource_size_t start, end;
|
resource_size_t start, end;
|
||||||
int i;
|
int i;
|
||||||
|
|
||||||
+ if (!capable(CAP_SECURE_FIRMWARE))
|
+ if (!capable(CAP_COMPROMISE_KERNEL))
|
||||||
+ return -EPERM;
|
+ return -EPERM;
|
||||||
+
|
+
|
||||||
for (i = 0; i < PCI_ROM_RESOURCE; i++)
|
for (i = 0; i < PCI_ROM_RESOURCE; i++)
|
||||||
@ -80,21 +80,21 @@ index 6869009..a1ad0f7 100644
|
|||||||
struct bin_attribute *attr, char *buf,
|
struct bin_attribute *attr, char *buf,
|
||||||
loff_t off, size_t count)
|
loff_t off, size_t count)
|
||||||
{
|
{
|
||||||
+ if (!capable(CAP_SECURE_FIRMWARE))
|
+ if (!capable(CAP_COMPROMISE_KERNEL))
|
||||||
+ return -EPERM;
|
+ return -EPERM;
|
||||||
+
|
+
|
||||||
return pci_resource_io(filp, kobj, attr, buf, off, count, true);
|
return pci_resource_io(filp, kobj, attr, buf, off, count, true);
|
||||||
}
|
}
|
||||||
|
|
||||||
diff --git a/drivers/pci/proc.c b/drivers/pci/proc.c
|
diff --git a/drivers/pci/proc.c b/drivers/pci/proc.c
|
||||||
index 27911b5..01d4753 100644
|
index 27911b5..ac8c9a5 100644
|
||||||
--- a/drivers/pci/proc.c
|
--- a/drivers/pci/proc.c
|
||||||
+++ b/drivers/pci/proc.c
|
+++ b/drivers/pci/proc.c
|
||||||
@@ -135,6 +135,9 @@ proc_bus_pci_write(struct file *file, const char __user *buf, size_t nbytes, lof
|
@@ -135,6 +135,9 @@ proc_bus_pci_write(struct file *file, const char __user *buf, size_t nbytes, lof
|
||||||
int size = dp->size;
|
int size = dp->size;
|
||||||
int cnt;
|
int cnt;
|
||||||
|
|
||||||
+ if (!capable(CAP_SECURE_FIRMWARE))
|
+ if (!capable(CAP_COMPROMISE_KERNEL))
|
||||||
+ return -EPERM;
|
+ return -EPERM;
|
||||||
+
|
+
|
||||||
if (pos >= size)
|
if (pos >= size)
|
||||||
@ -104,7 +104,7 @@ index 27911b5..01d4753 100644
|
|||||||
#endif /* HAVE_PCI_MMAP */
|
#endif /* HAVE_PCI_MMAP */
|
||||||
int ret = 0;
|
int ret = 0;
|
||||||
|
|
||||||
+ if (!capable(CAP_SECURE_FIRMWARE))
|
+ if (!capable(CAP_COMPROMISE_KERNEL))
|
||||||
+ return -EPERM;
|
+ return -EPERM;
|
||||||
+
|
+
|
||||||
switch (cmd) {
|
switch (cmd) {
|
||||||
@ -115,12 +115,12 @@ index 27911b5..01d4753 100644
|
|||||||
int i, ret;
|
int i, ret;
|
||||||
|
|
||||||
- if (!capable(CAP_SYS_RAWIO))
|
- if (!capable(CAP_SYS_RAWIO))
|
||||||
+ if (!capable(CAP_SYS_RAWIO) || !capable(CAP_SECURE_FIRMWARE))
|
+ if (!capable(CAP_SYS_RAWIO) || !capable(CAP_COMPROMISE_KERNEL))
|
||||||
return -EPERM;
|
return -EPERM;
|
||||||
|
|
||||||
/* Make sure the caller is mapping a real resource for this device */
|
/* Make sure the caller is mapping a real resource for this device */
|
||||||
diff --git a/drivers/pci/syscall.c b/drivers/pci/syscall.c
|
diff --git a/drivers/pci/syscall.c b/drivers/pci/syscall.c
|
||||||
index e1c1ec5..a778ba9 100644
|
index e1c1ec5..97e785f 100644
|
||||||
--- a/drivers/pci/syscall.c
|
--- a/drivers/pci/syscall.c
|
||||||
+++ b/drivers/pci/syscall.c
|
+++ b/drivers/pci/syscall.c
|
||||||
@@ -92,7 +92,7 @@ SYSCALL_DEFINE5(pciconfig_write, unsigned long, bus, unsigned long, dfn,
|
@@ -92,7 +92,7 @@ SYSCALL_DEFINE5(pciconfig_write, unsigned long, bus, unsigned long, dfn,
|
||||||
@ -128,18 +128,18 @@ index e1c1ec5..a778ba9 100644
|
|||||||
int err = 0;
|
int err = 0;
|
||||||
|
|
||||||
- if (!capable(CAP_SYS_ADMIN))
|
- if (!capable(CAP_SYS_ADMIN))
|
||||||
+ if (!capable(CAP_SYS_ADMIN) || !capable(CAP_SECURE_FIRMWARE))
|
+ if (!capable(CAP_SYS_ADMIN) || !capable(CAP_COMPROMISE_KERNEL))
|
||||||
return -EPERM;
|
return -EPERM;
|
||||||
|
|
||||||
dev = pci_get_bus_and_slot(bus, dfn);
|
dev = pci_get_bus_and_slot(bus, dfn);
|
||||||
--
|
--
|
||||||
1.7.11.2
|
1.7.11.4
|
||||||
|
|
||||||
|
|
||||||
From 4c02feefb934d587f03c74cc48e8d58904416c68 Mon Sep 17 00:00:00 2001
|
From 2d23d2726583d79062e58abcc32c7dd027d312aa Mon Sep 17 00:00:00 2001
|
||||||
From: Matthew Garrett <mjg@redhat.com>
|
From: Matthew Garrett <mjg@redhat.com>
|
||||||
Date: Thu, 8 Mar 2012 10:35:59 -0500
|
Date: Thu, 20 Sep 2012 10:40:58 -0400
|
||||||
Subject: [PATCH 03/13] x86: Lock down IO port access in secure boot
|
Subject: [PATCH 03/14] x86: Lock down IO port access in secure boot
|
||||||
environments
|
environments
|
||||||
|
|
||||||
IO port access would permit users to gain access to PCI configuration
|
IO port access would permit users to gain access to PCI configuration
|
||||||
@ -154,7 +154,7 @@ Signed-off-by: Matthew Garrett <mjg@redhat.com>
|
|||||||
2 files changed, 5 insertions(+), 2 deletions(-)
|
2 files changed, 5 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
diff --git a/arch/x86/kernel/ioport.c b/arch/x86/kernel/ioport.c
|
diff --git a/arch/x86/kernel/ioport.c b/arch/x86/kernel/ioport.c
|
||||||
index 8c96897..c3a1bb2 100644
|
index 8c96897..a2578c4 100644
|
||||||
--- a/arch/x86/kernel/ioport.c
|
--- a/arch/x86/kernel/ioport.c
|
||||||
+++ b/arch/x86/kernel/ioport.c
|
+++ b/arch/x86/kernel/ioport.c
|
||||||
@@ -28,7 +28,7 @@ asmlinkage long sys_ioperm(unsigned long from, unsigned long num, int turn_on)
|
@@ -28,7 +28,7 @@ asmlinkage long sys_ioperm(unsigned long from, unsigned long num, int turn_on)
|
||||||
@ -162,7 +162,7 @@ index 8c96897..c3a1bb2 100644
|
|||||||
if ((from + num <= from) || (from + num > IO_BITMAP_BITS))
|
if ((from + num <= from) || (from + num > IO_BITMAP_BITS))
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
- if (turn_on && !capable(CAP_SYS_RAWIO))
|
- if (turn_on && !capable(CAP_SYS_RAWIO))
|
||||||
+ if (turn_on && (!capable(CAP_SYS_RAWIO) || !capable(CAP_SECURE_FIRMWARE)))
|
+ if (turn_on && (!capable(CAP_SYS_RAWIO) || !capable(CAP_COMPROMISE_KERNEL)))
|
||||||
return -EPERM;
|
return -EPERM;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@ -171,32 +171,32 @@ index 8c96897..c3a1bb2 100644
|
|||||||
/* Trying to gain more privileges? */
|
/* Trying to gain more privileges? */
|
||||||
if (level > old) {
|
if (level > old) {
|
||||||
- if (!capable(CAP_SYS_RAWIO))
|
- if (!capable(CAP_SYS_RAWIO))
|
||||||
+ if (!capable(CAP_SYS_RAWIO) || !capable(CAP_SECURE_FIRMWARE))
|
+ if (!capable(CAP_SYS_RAWIO) || !capable(CAP_COMPROMISE_KERNEL))
|
||||||
return -EPERM;
|
return -EPERM;
|
||||||
}
|
}
|
||||||
regs->flags = (regs->flags & ~X86_EFLAGS_IOPL) | (level << 12);
|
regs->flags = (regs->flags & ~X86_EFLAGS_IOPL) | (level << 12);
|
||||||
diff --git a/drivers/char/mem.c b/drivers/char/mem.c
|
diff --git a/drivers/char/mem.c b/drivers/char/mem.c
|
||||||
index e5eedfa..8f5f872 100644
|
index e5eedfa..1e0a660 100644
|
||||||
--- a/drivers/char/mem.c
|
--- a/drivers/char/mem.c
|
||||||
+++ b/drivers/char/mem.c
|
+++ b/drivers/char/mem.c
|
||||||
@@ -597,6 +597,9 @@ static ssize_t write_port(struct file *file, const char __user *buf,
|
@@ -597,6 +597,9 @@ static ssize_t write_port(struct file *file, const char __user *buf,
|
||||||
unsigned long i = *ppos;
|
unsigned long i = *ppos;
|
||||||
const char __user * tmp = buf;
|
const char __user * tmp = buf;
|
||||||
|
|
||||||
+ if (!capable(CAP_SECURE_FIRMWARE))
|
+ if (!capable(CAP_COMPROMISE_KERNEL))
|
||||||
+ return -EPERM;
|
+ return -EPERM;
|
||||||
+
|
+
|
||||||
if (!access_ok(VERIFY_READ, buf, count))
|
if (!access_ok(VERIFY_READ, buf, count))
|
||||||
return -EFAULT;
|
return -EFAULT;
|
||||||
while (count-- > 0 && i < 65536) {
|
while (count-- > 0 && i < 65536) {
|
||||||
--
|
--
|
||||||
1.7.11.2
|
1.7.11.4
|
||||||
|
|
||||||
|
|
||||||
From d379d102316075d51011b81748433530d294a70c Mon Sep 17 00:00:00 2001
|
From e063cb2f3a667d2540682d4bdbef91fdb23b1a84 Mon Sep 17 00:00:00 2001
|
||||||
From: Matthew Garrett <mjg@redhat.com>
|
From: Matthew Garrett <mjg@redhat.com>
|
||||||
Date: Fri, 9 Mar 2012 08:39:37 -0500
|
Date: Thu, 20 Sep 2012 10:40:59 -0400
|
||||||
Subject: [PATCH 04/13] ACPI: Limit access to custom_method
|
Subject: [PATCH 04/14] ACPI: Limit access to custom_method
|
||||||
|
|
||||||
It must be impossible for even root to get code executed in kernel context
|
It must be impossible for even root to get code executed in kernel context
|
||||||
under a secure boot environment. custom_method effectively allows arbitrary
|
under a secure boot environment. custom_method effectively allows arbitrary
|
||||||
@ -208,27 +208,27 @@ Signed-off-by: Matthew Garrett <mjg@redhat.com>
|
|||||||
1 file changed, 3 insertions(+)
|
1 file changed, 3 insertions(+)
|
||||||
|
|
||||||
diff --git a/drivers/acpi/custom_method.c b/drivers/acpi/custom_method.c
|
diff --git a/drivers/acpi/custom_method.c b/drivers/acpi/custom_method.c
|
||||||
index 5d42c24..3e78014 100644
|
index 5d42c24..247d58b 100644
|
||||||
--- a/drivers/acpi/custom_method.c
|
--- a/drivers/acpi/custom_method.c
|
||||||
+++ b/drivers/acpi/custom_method.c
|
+++ b/drivers/acpi/custom_method.c
|
||||||
@@ -29,6 +29,9 @@ static ssize_t cm_write(struct file *file, const char __user * user_buf,
|
@@ -29,6 +29,9 @@ static ssize_t cm_write(struct file *file, const char __user * user_buf,
|
||||||
struct acpi_table_header table;
|
struct acpi_table_header table;
|
||||||
acpi_status status;
|
acpi_status status;
|
||||||
|
|
||||||
+ if (!capable(CAP_SECURE_FIRMWARE))
|
+ if (!capable(CAP_COMPROMISE_KERNEL))
|
||||||
+ return -EPERM;
|
+ return -EPERM;
|
||||||
+
|
+
|
||||||
if (!(*ppos)) {
|
if (!(*ppos)) {
|
||||||
/* parse the table header to get the table length */
|
/* parse the table header to get the table length */
|
||||||
if (count <= sizeof(struct acpi_table_header))
|
if (count <= sizeof(struct acpi_table_header))
|
||||||
--
|
--
|
||||||
1.7.11.2
|
1.7.11.4
|
||||||
|
|
||||||
|
|
||||||
From afc7c002eb264fc745a38fb6ec322be4928338dd Mon Sep 17 00:00:00 2001
|
From a1cccbd084c7355dcb2be7ae2934f168ce9ba9d5 Mon Sep 17 00:00:00 2001
|
||||||
From: Matthew Garrett <mjg@redhat.com>
|
From: Matthew Garrett <mjg@redhat.com>
|
||||||
Date: Fri, 9 Mar 2012 08:46:50 -0500
|
Date: Thu, 20 Sep 2012 10:41:00 -0400
|
||||||
Subject: [PATCH 05/13] asus-wmi: Restrict debugfs interface
|
Subject: [PATCH 05/14] asus-wmi: Restrict debugfs interface
|
||||||
|
|
||||||
We have no way of validating what all of the Asus WMI methods do on a
|
We have no way of validating what all of the Asus WMI methods do on a
|
||||||
given machine, and there's a risk that some will allow hardware state to
|
given machine, and there's a risk that some will allow hardware state to
|
||||||
@ -241,47 +241,47 @@ Signed-off-by: Matthew Garrett <mjg@redhat.com>
|
|||||||
1 file changed, 9 insertions(+)
|
1 file changed, 9 insertions(+)
|
||||||
|
|
||||||
diff --git a/drivers/platform/x86/asus-wmi.c b/drivers/platform/x86/asus-wmi.c
|
diff --git a/drivers/platform/x86/asus-wmi.c b/drivers/platform/x86/asus-wmi.c
|
||||||
index c7a36f6..0fb58bc 100644
|
index 2eb9fe8..61e055d 100644
|
||||||
--- a/drivers/platform/x86/asus-wmi.c
|
--- a/drivers/platform/x86/asus-wmi.c
|
||||||
+++ b/drivers/platform/x86/asus-wmi.c
|
+++ b/drivers/platform/x86/asus-wmi.c
|
||||||
@@ -1509,6 +1509,9 @@ static int show_dsts(struct seq_file *m, void *data)
|
@@ -1523,6 +1523,9 @@ static int show_dsts(struct seq_file *m, void *data)
|
||||||
int err;
|
int err;
|
||||||
u32 retval = -1;
|
u32 retval = -1;
|
||||||
|
|
||||||
+ if (!capable(CAP_SECURE_FIRMWARE))
|
+ if (!capable(CAP_COMPROMISE_KERNEL))
|
||||||
+ return -EPERM;
|
+ return -EPERM;
|
||||||
+
|
+
|
||||||
err = asus_wmi_get_devstate(asus, asus->debug.dev_id, &retval);
|
err = asus_wmi_get_devstate(asus, asus->debug.dev_id, &retval);
|
||||||
|
|
||||||
if (err < 0)
|
if (err < 0)
|
||||||
@@ -1525,6 +1528,9 @@ static int show_devs(struct seq_file *m, void *data)
|
@@ -1539,6 +1542,9 @@ static int show_devs(struct seq_file *m, void *data)
|
||||||
int err;
|
int err;
|
||||||
u32 retval = -1;
|
u32 retval = -1;
|
||||||
|
|
||||||
+ if (!capable(CAP_SECURE_FIRMWARE))
|
+ if (!capable(CAP_COMPROMISE_KERNEL))
|
||||||
+ return -EPERM;
|
+ return -EPERM;
|
||||||
+
|
+
|
||||||
err = asus_wmi_set_devstate(asus->debug.dev_id, asus->debug.ctrl_param,
|
err = asus_wmi_set_devstate(asus->debug.dev_id, asus->debug.ctrl_param,
|
||||||
&retval);
|
&retval);
|
||||||
|
|
||||||
@@ -1549,6 +1555,9 @@ static int show_call(struct seq_file *m, void *data)
|
@@ -1563,6 +1569,9 @@ static int show_call(struct seq_file *m, void *data)
|
||||||
union acpi_object *obj;
|
union acpi_object *obj;
|
||||||
acpi_status status;
|
acpi_status status;
|
||||||
|
|
||||||
+ if (!capable(CAP_SECURE_FIRMWARE))
|
+ if (!capable(CAP_COMPROMISE_KERNEL))
|
||||||
+ return -EPERM;
|
+ return -EPERM;
|
||||||
+
|
+
|
||||||
status = wmi_evaluate_method(ASUS_WMI_MGMT_GUID,
|
status = wmi_evaluate_method(ASUS_WMI_MGMT_GUID,
|
||||||
1, asus->debug.method_id,
|
1, asus->debug.method_id,
|
||||||
&input, &output);
|
&input, &output);
|
||||||
--
|
--
|
||||||
1.7.11.2
|
1.7.11.4
|
||||||
|
|
||||||
|
|
||||||
From 21bd1f0da09b40a0ba50636267f7eac8f839a336 Mon Sep 17 00:00:00 2001
|
From 1c9e53b626268f82509062751eda14e8572717cf Mon Sep 17 00:00:00 2001
|
||||||
From: Matthew Garrett <mjg@redhat.com>
|
From: Matthew Garrett <mjg@redhat.com>
|
||||||
Date: Fri, 9 Mar 2012 09:28:15 -0500
|
Date: Thu, 20 Sep 2012 10:41:01 -0400
|
||||||
Subject: [PATCH 06/13] Restrict /dev/mem and /dev/kmem in secure boot setups
|
Subject: [PATCH 06/14] Restrict /dev/mem and /dev/kmem in secure boot setups
|
||||||
|
|
||||||
Allowing users to write to address space makes it possible for the kernel
|
Allowing users to write to address space makes it possible for the kernel
|
||||||
to be subverted. Restrict this when we need to protect the kernel.
|
to be subverted. Restrict this when we need to protect the kernel.
|
||||||
@ -292,14 +292,14 @@ Signed-off-by: Matthew Garrett <mjg@redhat.com>
|
|||||||
1 file changed, 6 insertions(+)
|
1 file changed, 6 insertions(+)
|
||||||
|
|
||||||
diff --git a/drivers/char/mem.c b/drivers/char/mem.c
|
diff --git a/drivers/char/mem.c b/drivers/char/mem.c
|
||||||
index 8f5f872..c1de8e1 100644
|
index 1e0a660..33eb947 100644
|
||||||
--- a/drivers/char/mem.c
|
--- a/drivers/char/mem.c
|
||||||
+++ b/drivers/char/mem.c
|
+++ b/drivers/char/mem.c
|
||||||
@@ -158,6 +158,9 @@ static ssize_t write_mem(struct file *file, const char __user *buf,
|
@@ -158,6 +158,9 @@ static ssize_t write_mem(struct file *file, const char __user *buf,
|
||||||
unsigned long copied;
|
unsigned long copied;
|
||||||
void *ptr;
|
void *ptr;
|
||||||
|
|
||||||
+ if (!capable(CAP_SECURE_FIRMWARE))
|
+ if (!capable(CAP_COMPROMISE_KERNEL))
|
||||||
+ return -EPERM;
|
+ return -EPERM;
|
||||||
+
|
+
|
||||||
if (!valid_phys_addr_range(p, count))
|
if (!valid_phys_addr_range(p, count))
|
||||||
@ -309,96 +309,86 @@ index 8f5f872..c1de8e1 100644
|
|||||||
char * kbuf; /* k-addr because vwrite() takes vmlist_lock rwlock */
|
char * kbuf; /* k-addr because vwrite() takes vmlist_lock rwlock */
|
||||||
int err = 0;
|
int err = 0;
|
||||||
|
|
||||||
+ if (!capable(CAP_SECURE_FIRMWARE))
|
+ if (!capable(CAP_COMPROMISE_KERNEL))
|
||||||
+ return -EPERM;
|
+ return -EPERM;
|
||||||
+
|
+
|
||||||
if (p < (unsigned long) high_memory) {
|
if (p < (unsigned long) high_memory) {
|
||||||
unsigned long to_write = min_t(unsigned long, count,
|
unsigned long to_write = min_t(unsigned long, count,
|
||||||
(unsigned long)high_memory - p);
|
(unsigned long)high_memory - p);
|
||||||
--
|
--
|
||||||
1.7.11.2
|
1.7.11.4
|
||||||
|
|
||||||
|
|
||||||
From 1940a18cd651113f5b46f5a41290065963d6fbad Mon Sep 17 00:00:00 2001
|
From fbf919bf372b9a7a08bdacac8129d47ced1b1f19 Mon Sep 17 00:00:00 2001
|
||||||
From: Matthew Garrett <mjg@redhat.com>
|
|
||||||
Date: Fri, 9 Mar 2012 11:47:56 -0500
|
|
||||||
Subject: [PATCH 07/13] kexec: Disable in a secure boot environment
|
|
||||||
|
|
||||||
kexec could be used as a vector for a malicious user to use a signed kernel
|
|
||||||
to circumvent the secure boot trust model. In the long run we'll want to
|
|
||||||
support signed kexec payloads, but for the moment we should just disable
|
|
||||||
loading entirely in that situation.
|
|
||||||
|
|
||||||
Signed-off-by: Matthew Garrett <mjg@redhat.com>
|
|
||||||
---
|
|
||||||
kernel/kexec.c | 2 +-
|
|
||||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/kernel/kexec.c b/kernel/kexec.c
|
|
||||||
index 0668d58..48852ec 100644
|
|
||||||
--- a/kernel/kexec.c
|
|
||||||
+++ b/kernel/kexec.c
|
|
||||||
@@ -944,7 +944,7 @@ SYSCALL_DEFINE4(kexec_load, unsigned long, entry, unsigned long, nr_segments,
|
|
||||||
int result;
|
|
||||||
|
|
||||||
/* We only trust the superuser with rebooting the system. */
|
|
||||||
- if (!capable(CAP_SYS_BOOT))
|
|
||||||
+ if (!capable(CAP_SYS_BOOT) || !capable(CAP_SECURE_FIRMWARE))
|
|
||||||
return -EPERM;
|
|
||||||
|
|
||||||
/*
|
|
||||||
--
|
|
||||||
1.7.11.2
|
|
||||||
|
|
||||||
|
|
||||||
From c83bad5d60b8f02ebbedf9b4c4b69cdee49a7976 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Josh Boyer <jwboyer@redhat.com>
|
From: Josh Boyer <jwboyer@redhat.com>
|
||||||
Date: Mon, 25 Jun 2012 19:45:15 -0400
|
Date: Thu, 20 Sep 2012 10:41:02 -0400
|
||||||
Subject: [PATCH 08/13] Secure boot: Add a dummy kernel parameter that will
|
Subject: [PATCH 07/14] Secure boot: Add a dummy kernel parameter that will
|
||||||
switch on Secure Boot mode
|
switch on Secure Boot mode
|
||||||
|
|
||||||
This forcibly drops CAP_SECURE_FIRMWARE from both cap_permitted and cap_bset
|
This forcibly drops CAP_COMPROMISE_KERNEL from both cap_permitted and cap_bset
|
||||||
in the init_cred struct, which everything else inherits from. This works on
|
in the init_cred struct, which everything else inherits from. This works on
|
||||||
any machine and can be used to develop even if the box doesn't have UEFI.
|
any machine and can be used to develop even if the box doesn't have UEFI.
|
||||||
|
|
||||||
Signed-off-by: Josh Boyer <jwboyer@redhat.com>
|
Signed-off-by: Josh Boyer <jwboyer@redhat.com>
|
||||||
---
|
---
|
||||||
kernel/cred.c | 14 ++++++++++++++
|
Documentation/kernel-parameters.txt | 7 +++++++
|
||||||
1 file changed, 14 insertions(+)
|
kernel/cred.c | 17 +++++++++++++++++
|
||||||
|
2 files changed, 24 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt
|
||||||
|
index 9b2b8d3..93978d5 100644
|
||||||
|
--- a/Documentation/kernel-parameters.txt
|
||||||
|
+++ b/Documentation/kernel-parameters.txt
|
||||||
|
@@ -2562,6 +2562,13 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
|
||||||
|
Note: increases power consumption, thus should only be
|
||||||
|
enabled if running jitter sensitive (HPC/RT) workloads.
|
||||||
|
|
||||||
|
+ secureboot_enable=
|
||||||
|
+ [KNL] Enables an emulated UEFI Secure Boot mode. This
|
||||||
|
+ locks down various aspects of the kernel guarded by the
|
||||||
|
+ CAP_COMPROMISE_KERNEL capability. This includes things
|
||||||
|
+ like /dev/mem, IO port access, and other areas. It can
|
||||||
|
+ be used on non-UEFI machines for testing purposes.
|
||||||
|
+
|
||||||
|
security= [SECURITY] Choose a security module to enable at boot.
|
||||||
|
If this boot parameter is not specified, only the first
|
||||||
|
security module asking for security registration will be
|
||||||
diff --git a/kernel/cred.c b/kernel/cred.c
|
diff --git a/kernel/cred.c b/kernel/cred.c
|
||||||
index de728ac..0d71d02 100644
|
index de728ac..7e6e83f 100644
|
||||||
--- a/kernel/cred.c
|
--- a/kernel/cred.c
|
||||||
+++ b/kernel/cred.c
|
+++ b/kernel/cred.c
|
||||||
@@ -623,6 +623,20 @@ void __init cred_init(void)
|
@@ -623,6 +623,23 @@ void __init cred_init(void)
|
||||||
0, SLAB_HWCACHE_ALIGN|SLAB_PANIC, NULL);
|
0, SLAB_HWCACHE_ALIGN|SLAB_PANIC, NULL);
|
||||||
}
|
}
|
||||||
|
|
||||||
+/* Dummy Secure Boot enable option to fake out UEFI SB=1 */
|
+void __init secureboot_enable()
|
||||||
+static int __init secureboot_enable(char *str)
|
|
||||||
+{
|
+{
|
||||||
+
|
+ pr_info("Secure boot enabled\n");
|
||||||
+ int sb_enable = !!simple_strtol(str, NULL, 0);
|
+ cap_lower((&init_cred)->cap_bset, CAP_COMPROMISE_KERNEL);
|
||||||
+ pr_info("Secure Boot mode %s\n", (sb_enable ? "enabled" : "disabled"));
|
+ cap_lower((&init_cred)->cap_permitted, CAP_COMPROMISE_KERNEL);
|
||||||
+ if (sb_enable) {
|
|
||||||
+ cap_lower((&init_cred)->cap_bset, CAP_SECURE_FIRMWARE);
|
|
||||||
+ cap_lower((&init_cred)->cap_permitted, CAP_SECURE_FIRMWARE);
|
|
||||||
+}
|
+}
|
||||||
|
+
|
||||||
|
+/* Dummy Secure Boot enable option to fake out UEFI SB=1 */
|
||||||
|
+static int __init secureboot_enable_opt(char *str)
|
||||||
|
+{
|
||||||
|
+ int sb_enable = !!simple_strtol(str, NULL, 0);
|
||||||
|
+ if (sb_enable)
|
||||||
|
+ secureboot_enable();
|
||||||
+ return 1;
|
+ return 1;
|
||||||
+}
|
+}
|
||||||
+__setup("secureboot_enable=", secureboot_enable);
|
+__setup("secureboot_enable=", secureboot_enable_opt);
|
||||||
+
|
+
|
||||||
/**
|
/**
|
||||||
* prepare_kernel_cred - Prepare a set of credentials for a kernel service
|
* prepare_kernel_cred - Prepare a set of credentials for a kernel service
|
||||||
* @daemon: A userspace daemon to be used as a reference
|
* @daemon: A userspace daemon to be used as a reference
|
||||||
--
|
--
|
||||||
1.7.11.2
|
1.7.11.4
|
||||||
|
|
||||||
|
|
||||||
From b70595f1523ecadc4ce9d43e9a0c465436ed1007 Mon Sep 17 00:00:00 2001
|
From 43ed7865d867ae692e30227d66fa58cdecbd9269 Mon Sep 17 00:00:00 2001
|
||||||
From: Matthew Garrett <mjg@redhat.com>
|
From: Matthew Garrett <mjg@redhat.com>
|
||||||
Date: Wed, 18 Jul 2012 11:28:00 -0400
|
Date: Thu, 20 Sep 2012 10:41:03 -0400
|
||||||
Subject: [PATCH 09/13] efi: Enable secure boot lockdown automatically when
|
Subject: [PATCH 08/14] efi: Enable secure boot lockdown automatically when
|
||||||
enabled in firmware
|
enabled in firmware
|
||||||
|
|
||||||
The firmware has a set of flags that indicate whether secure boot is enabled
|
The firmware has a set of flags that indicate whether secure boot is enabled
|
||||||
@ -407,13 +397,26 @@ down.
|
|||||||
|
|
||||||
Signed-off-by: Matthew Garrett <mjg@redhat.com>
|
Signed-off-by: Matthew Garrett <mjg@redhat.com>
|
||||||
---
|
---
|
||||||
|
Documentation/x86/zero-page.txt | 2 ++
|
||||||
arch/x86/boot/compressed/eboot.c | 32 ++++++++++++++++++++++++++++++++
|
arch/x86/boot/compressed/eboot.c | 32 ++++++++++++++++++++++++++++++++
|
||||||
arch/x86/include/asm/bootparam.h | 3 ++-
|
arch/x86/include/asm/bootparam.h | 3 ++-
|
||||||
arch/x86/kernel/setup.c | 3 +++
|
arch/x86/kernel/setup.c | 3 +++
|
||||||
include/linux/cred.h | 2 ++
|
include/linux/cred.h | 2 ++
|
||||||
kernel/cred.c | 18 +++++++++++-------
|
5 files changed, 41 insertions(+), 1 deletion(-)
|
||||||
5 files changed, 50 insertions(+), 8 deletions(-)
|
|
||||||
|
|
||||||
|
diff --git a/Documentation/x86/zero-page.txt b/Documentation/x86/zero-page.txt
|
||||||
|
index cf5437d..7f9ed48 100644
|
||||||
|
--- a/Documentation/x86/zero-page.txt
|
||||||
|
+++ b/Documentation/x86/zero-page.txt
|
||||||
|
@@ -27,6 +27,8 @@ Offset Proto Name Meaning
|
||||||
|
1E9/001 ALL eddbuf_entries Number of entries in eddbuf (below)
|
||||||
|
1EA/001 ALL edd_mbr_sig_buf_entries Number of entries in edd_mbr_sig_buffer
|
||||||
|
(below)
|
||||||
|
+1EB/001 ALL kbd_status Numlock is enabled
|
||||||
|
+1EC/001 ALL secure_boot Kernel should enable secure boot lockdowns
|
||||||
|
290/040 ALL edd_mbr_sig_buffer EDD MBR signatures
|
||||||
|
2D0/A00 ALL e820_map E820 memory map table
|
||||||
|
(array of struct e820entry)
|
||||||
diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c
|
diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c
|
||||||
index b3e0227..3789356 100644
|
index b3e0227..3789356 100644
|
||||||
--- a/arch/x86/boot/compressed/eboot.c
|
--- a/arch/x86/boot/compressed/eboot.c
|
||||||
@ -505,54 +508,19 @@ index ebbed2c..a24faf1 100644
|
|||||||
/*
|
/*
|
||||||
* check for validity of credentials
|
* check for validity of credentials
|
||||||
*/
|
*/
|
||||||
diff --git a/kernel/cred.c b/kernel/cred.c
|
|
||||||
index 0d71d02..c43e2b0 100644
|
|
||||||
--- a/kernel/cred.c
|
|
||||||
+++ b/kernel/cred.c
|
|
||||||
@@ -623,19 +623,23 @@ void __init cred_init(void)
|
|
||||||
0, SLAB_HWCACHE_ALIGN|SLAB_PANIC, NULL);
|
|
||||||
}
|
|
||||||
|
|
||||||
+void __init secureboot_enable()
|
|
||||||
+{
|
|
||||||
+ pr_info("Secure boot enabled\n");
|
|
||||||
+ cap_lower((&init_cred)->cap_bset, CAP_SECURE_FIRMWARE);
|
|
||||||
+ cap_lower((&init_cred)->cap_permitted, CAP_SECURE_FIRMWARE);
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
/* Dummy Secure Boot enable option to fake out UEFI SB=1 */
|
|
||||||
-static int __init secureboot_enable(char *str)
|
|
||||||
+static int __init secureboot_enable_opt(char *str)
|
|
||||||
{
|
|
||||||
|
|
||||||
int sb_enable = !!simple_strtol(str, NULL, 0);
|
|
||||||
- pr_info("Secure Boot mode %s\n", (sb_enable ? "enabled" : "disabled"));
|
|
||||||
- if (sb_enable) {
|
|
||||||
- cap_lower((&init_cred)->cap_bset, CAP_SECURE_FIRMWARE);
|
|
||||||
- cap_lower((&init_cred)->cap_permitted, CAP_SECURE_FIRMWARE);
|
|
||||||
- }
|
|
||||||
+ if (sb_enable)
|
|
||||||
+ secureboot_enable();
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
-__setup("secureboot_enable=", secureboot_enable);
|
|
||||||
+__setup("secureboot_enable=", secureboot_enable_opt);
|
|
||||||
|
|
||||||
/**
|
|
||||||
* prepare_kernel_cred - Prepare a set of credentials for a kernel service
|
|
||||||
--
|
--
|
||||||
1.7.11.2
|
1.7.11.4
|
||||||
|
|
||||||
|
|
||||||
From 411c18c35ccacb1a9e3f3dc67383a6431e110e17 Mon Sep 17 00:00:00 2001
|
From 3acf1ceb5f6f3be9103c9da16ddc24afc6d8b02a Mon Sep 17 00:00:00 2001
|
||||||
From: Josh Boyer <jwboyer@redhat.com>
|
From: Josh Boyer <jwboyer@redhat.com>
|
||||||
Date: Mon, 25 Jun 2012 19:57:30 -0400
|
Date: Thu, 20 Sep 2012 10:41:04 -0400
|
||||||
Subject: [PATCH 10/13] acpi: Ignore acpi_rsdp kernel parameter in a secure
|
Subject: [PATCH 09/14] acpi: Ignore acpi_rsdp kernel parameter in a secure
|
||||||
boot environment
|
boot environment
|
||||||
|
|
||||||
This option allows userspace to pass the RSDP address to the kernel. This
|
This option allows userspace to pass the RSDP address to the kernel. This
|
||||||
could potentially be used to circumvent the secure boot trust model.
|
could potentially be used to circumvent the secure boot trust model.
|
||||||
We ignore the setting if we don't have the CAP_SECURE_FIRMWARE capability.
|
We ignore the setting if we don't have the CAP_COMPROMISE_KERNEL capability.
|
||||||
|
|
||||||
Signed-off-by: Josh Boyer <jwboyer@redhat.com>
|
Signed-off-by: Josh Boyer <jwboyer@redhat.com>
|
||||||
---
|
---
|
||||||
@ -560,7 +528,7 @@ Signed-off-by: Josh Boyer <jwboyer@redhat.com>
|
|||||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
diff --git a/drivers/acpi/osl.c b/drivers/acpi/osl.c
|
diff --git a/drivers/acpi/osl.c b/drivers/acpi/osl.c
|
||||||
index 9eaf708..50c94e4 100644
|
index 9eaf708..f94341b 100644
|
||||||
--- a/drivers/acpi/osl.c
|
--- a/drivers/acpi/osl.c
|
||||||
+++ b/drivers/acpi/osl.c
|
+++ b/drivers/acpi/osl.c
|
||||||
@@ -246,7 +246,7 @@ early_param("acpi_rsdp", setup_acpi_rsdp);
|
@@ -246,7 +246,7 @@ early_param("acpi_rsdp", setup_acpi_rsdp);
|
||||||
@ -568,18 +536,83 @@ index 9eaf708..50c94e4 100644
|
|||||||
{
|
{
|
||||||
#ifdef CONFIG_KEXEC
|
#ifdef CONFIG_KEXEC
|
||||||
- if (acpi_rsdp)
|
- if (acpi_rsdp)
|
||||||
+ if (acpi_rsdp && capable(CAP_SECURE_FIRMWARE))
|
+ if (acpi_rsdp && capable(CAP_COMPROMISE_KERNEL))
|
||||||
return acpi_rsdp;
|
return acpi_rsdp;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
--
|
--
|
||||||
1.7.11.2
|
1.7.11.4
|
||||||
|
|
||||||
|
|
||||||
From 7bf87e8da8c7b57ba7f9448855c8ec84c684fb65 Mon Sep 17 00:00:00 2001
|
From 03fb06d272ddc1062e610521c5cfdbe42f251209 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Josh Boyer <jwboyer@redhat.com>
|
||||||
|
Date: Thu, 20 Sep 2012 10:41:05 -0400
|
||||||
|
Subject: [PATCH 10/14] SELinux: define mapping for new Secure Boot capability
|
||||||
|
|
||||||
|
Add the name of the new Secure Boot capability. This allows SELinux
|
||||||
|
policies to properly map CAP_COMPROMISE_KERNEL to the appropriate
|
||||||
|
capability class.
|
||||||
|
|
||||||
|
Signed-off-by: Josh Boyer <jwboyer@redhat.com>
|
||||||
|
---
|
||||||
|
security/selinux/include/classmap.h | 4 ++--
|
||||||
|
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/security/selinux/include/classmap.h b/security/selinux/include/classmap.h
|
||||||
|
index df2de54..70e2834 100644
|
||||||
|
--- a/security/selinux/include/classmap.h
|
||||||
|
+++ b/security/selinux/include/classmap.h
|
||||||
|
@@ -146,8 +146,8 @@ struct security_class_mapping secclass_map[] = {
|
||||||
|
{ "memprotect", { "mmap_zero", NULL } },
|
||||||
|
{ "peer", { "recv", NULL } },
|
||||||
|
{ "capability2",
|
||||||
|
- { "mac_override", "mac_admin", "syslog", "wake_alarm", "block_suspend",
|
||||||
|
- NULL } },
|
||||||
|
+ { "mac_override", "mac_admin", "syslog", "wake_alarm",
|
||||||
|
+ "block_suspend", "compromise_kernel", NULL } },
|
||||||
|
{ "kernel_service", { "use_as_override", "create_files_as", NULL } },
|
||||||
|
{ "tun_socket",
|
||||||
|
{ COMMON_SOCK_PERMS, NULL } },
|
||||||
|
--
|
||||||
|
1.7.11.4
|
||||||
|
|
||||||
|
|
||||||
|
From 0cfaa5ecf01f8eaaa2a84d88b7258a94ac9a1bfe Mon Sep 17 00:00:00 2001
|
||||||
|
From: Matthew Garrett <mjg@redhat.com>
|
||||||
|
Date: Tue, 4 Sep 2012 11:55:13 -0400
|
||||||
|
Subject: [PATCH 11/14] kexec: Disable in a secure boot environment
|
||||||
|
|
||||||
|
kexec could be used as a vector for a malicious user to use a signed kernel
|
||||||
|
to circumvent the secure boot trust model. In the long run we'll want to
|
||||||
|
support signed kexec payloads, but for the moment we should just disable
|
||||||
|
loading entirely in that situation.
|
||||||
|
|
||||||
|
Signed-off-by: Matthew Garrett <mjg@redhat.com>
|
||||||
|
---
|
||||||
|
kernel/kexec.c | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/kernel/kexec.c b/kernel/kexec.c
|
||||||
|
index 0668d58..8b976a5 100644
|
||||||
|
--- a/kernel/kexec.c
|
||||||
|
+++ b/kernel/kexec.c
|
||||||
|
@@ -944,7 +944,7 @@ SYSCALL_DEFINE4(kexec_load, unsigned long, entry, unsigned long, nr_segments,
|
||||||
|
int result;
|
||||||
|
|
||||||
|
/* We only trust the superuser with rebooting the system. */
|
||||||
|
- if (!capable(CAP_SYS_BOOT))
|
||||||
|
+ if (!capable(CAP_SYS_BOOT) || !capable(CAP_COMPROMISE_KERNEL))
|
||||||
|
return -EPERM;
|
||||||
|
|
||||||
|
/*
|
||||||
|
--
|
||||||
|
1.7.11.4
|
||||||
|
|
||||||
|
|
||||||
|
From 895c46276788b3711aee05a1a1d685eff69d48b9 Mon Sep 17 00:00:00 2001
|
||||||
From: Josh Boyer <jwboyer@redhat.com>
|
From: Josh Boyer <jwboyer@redhat.com>
|
||||||
Date: Mon, 25 Jun 2012 21:29:46 -0400
|
Date: Mon, 25 Jun 2012 21:29:46 -0400
|
||||||
Subject: [PATCH 11/13] Documentation: kernel-parameters.txt remove
|
Subject: [PATCH 12/14] Documentation: kernel-parameters.txt remove
|
||||||
capability.disable
|
capability.disable
|
||||||
|
|
||||||
Remove the documentation for capability.disable. The code supporting this
|
Remove the documentation for capability.disable. The code supporting this
|
||||||
@ -597,7 +630,7 @@ Signed-off-by: Josh Boyer <jwboyer@redhat.com>
|
|||||||
1 file changed, 6 deletions(-)
|
1 file changed, 6 deletions(-)
|
||||||
|
|
||||||
diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt
|
diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt
|
||||||
index ad7e2e5..33c4029 100644
|
index 93978d5..e3e5f8c 100644
|
||||||
--- a/Documentation/kernel-parameters.txt
|
--- a/Documentation/kernel-parameters.txt
|
||||||
+++ b/Documentation/kernel-parameters.txt
|
+++ b/Documentation/kernel-parameters.txt
|
||||||
@@ -446,12 +446,6 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
|
@@ -446,12 +446,6 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
|
||||||
@ -614,98 +647,13 @@ index ad7e2e5..33c4029 100644
|
|||||||
See Documentation/s390/CommonIO for details.
|
See Documentation/s390/CommonIO for details.
|
||||||
|
|
||||||
--
|
--
|
||||||
1.7.11.2
|
1.7.11.4
|
||||||
|
|
||||||
|
|
||||||
From ec0ca55ba3d1c2a59b0c0b6e38f7ae9966d676aa Mon Sep 17 00:00:00 2001
|
From 294d339c63b0f67a362efaa62713f26d9f496da8 Mon Sep 17 00:00:00 2001
|
||||||
From: Josh Boyer <jwboyer@redhat.com>
|
|
||||||
Date: Tue, 26 Jun 2012 14:15:51 -0400
|
|
||||||
Subject: [PATCH 12/13] SELinux: define mapping for new Secure Boot capability
|
|
||||||
|
|
||||||
Add the name of the new Secure Boot capability. This allows SELinux
|
|
||||||
policies to properly map CAP_SECURE_FIRMWARE to the appropriate
|
|
||||||
capability class.
|
|
||||||
|
|
||||||
Signed-off-by: Josh Boyer <jwboyer@redhat.com>
|
|
||||||
---
|
|
||||||
security/selinux/include/classmap.h | 4 ++--
|
|
||||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/security/selinux/include/classmap.h b/security/selinux/include/classmap.h
|
|
||||||
index df2de54..0a1e348 100644
|
|
||||||
--- a/security/selinux/include/classmap.h
|
|
||||||
+++ b/security/selinux/include/classmap.h
|
|
||||||
@@ -146,8 +146,8 @@ struct security_class_mapping secclass_map[] = {
|
|
||||||
{ "memprotect", { "mmap_zero", NULL } },
|
|
||||||
{ "peer", { "recv", NULL } },
|
|
||||||
{ "capability2",
|
|
||||||
- { "mac_override", "mac_admin", "syslog", "wake_alarm", "block_suspend",
|
|
||||||
- NULL } },
|
|
||||||
+ { "mac_override", "mac_admin", "syslog", "wake_alarm",
|
|
||||||
+ "block_suspend", "secure_firmware", NULL } },
|
|
||||||
{ "kernel_service", { "use_as_override", "create_files_as", NULL } },
|
|
||||||
{ "tun_socket",
|
|
||||||
{ COMMON_SOCK_PERMS, NULL } },
|
|
||||||
--
|
|
||||||
1.7.11.2
|
|
||||||
|
|
||||||
|
|
||||||
From 0a90e99e45f5c8eddd3b8cfcd63a4c6355c5688d Mon Sep 17 00:00:00 2001
|
|
||||||
From: Josh Boyer <jwboyer@redhat.com>
|
|
||||||
Date: Tue, 26 Jun 2012 16:27:26 -0400
|
|
||||||
Subject: [PATCH 13/13] modsign: Reject unsigned modules in a Secure Boot
|
|
||||||
environment
|
|
||||||
|
|
||||||
If a machine is booted into a Secure Boot environment, we need to
|
|
||||||
protect the trust model. This requires that all modules be signed
|
|
||||||
with a key that is in the kernel's _modsign keyring. We add a
|
|
||||||
capability check and reject modules that are not signed.
|
|
||||||
|
|
||||||
Signed-off-by: Josh Boyer <jwboyer@redhat.com>
|
|
||||||
---
|
|
||||||
kernel/module-verify.c | 5 +++--
|
|
||||||
1 file changed, 3 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/kernel/module-verify.c b/kernel/module-verify.c
|
|
||||||
index 22036d4..f6821b3 100644
|
|
||||||
--- a/kernel/module-verify.c
|
|
||||||
+++ b/kernel/module-verify.c
|
|
||||||
@@ -31,6 +31,7 @@
|
|
||||||
#include <linux/modsign.h>
|
|
||||||
#include <linux/moduleparam.h>
|
|
||||||
#include <linux/fips.h>
|
|
||||||
+#include <linux/capability.h>
|
|
||||||
#include <keys/crypto-type.h>
|
|
||||||
#include "module-verify.h"
|
|
||||||
#include "module-verify-defs.h"
|
|
||||||
@@ -699,7 +700,7 @@ int module_verify(const Elf_Ehdr *hdr, size_t size, bool *_gpgsig_ok)
|
|
||||||
/* The ELF checker found the sig for us if it exists */
|
|
||||||
if (mvdata.sig_index <= 0) {
|
|
||||||
/* Deal with an unsigned module */
|
|
||||||
- if (modsign_signedonly) {
|
|
||||||
+ if (modsign_signedonly || !capable(CAP_SECURE_FIRMWARE)) {
|
|
||||||
pr_err("An attempt to load unsigned module was rejected\n");
|
|
||||||
return -EKEYREJECTED;
|
|
||||||
} else {
|
|
||||||
@@ -736,7 +737,7 @@ out:
|
|
||||||
break;
|
|
||||||
case -ENOKEY: /* Signed, but we don't have the public key */
|
|
||||||
pr_err("Module signed with unknown public key\n");
|
|
||||||
- if (!modsign_signedonly) {
|
|
||||||
+ if (!modsign_signedonly && capable(CAP_SECURE_FIRMWARE)) {
|
|
||||||
/* Allow a module to be signed with an unknown public
|
|
||||||
* key unless we're enforcing.
|
|
||||||
*/
|
|
||||||
--
|
|
||||||
1.7.11.2
|
|
||||||
|
|
||||||
From: Matthew Garrett <mjg@redhat.com>
|
From: Matthew Garrett <mjg@redhat.com>
|
||||||
To: matt.fleming@intel.com
|
|
||||||
Cc: linux-efi@vger.kernel.org, linux-kernel@vger.kernel.org,
|
|
||||||
x86@kernel.org, Matthew Garrett <mjg@redhat.com>
|
|
||||||
Date: Thu, 26 Jul 2012 18:00:00 -0400
|
Date: Thu, 26 Jul 2012 18:00:00 -0400
|
||||||
Message-Id: <1343340000-7587-1-git-send-email-mjg@redhat.com>
|
Subject: [PATCH 13/14] efi: Build EFI stub with EFI-appropriate options
|
||||||
Subject: [PATCH] efi: Build EFI stub with EFI-appropriate options
|
|
||||||
|
|
||||||
We can't assume the presence of the red zone while we're still in a boot
|
We can't assume the presence of the red zone while we're still in a boot
|
||||||
services environment, so we should build with -fno-red-zone to avoid
|
services environment, so we should build with -fno-red-zone to avoid
|
||||||
@ -731,4 +679,48 @@ index e398bb5..8a84501 100644
|
|||||||
ifeq ($(CONFIG_EFI_STUB), y)
|
ifeq ($(CONFIG_EFI_STUB), y)
|
||||||
VMLINUX_OBJS += $(obj)/eboot.o $(obj)/efi_stub_$(BITS).o
|
VMLINUX_OBJS += $(obj)/eboot.o $(obj)/efi_stub_$(BITS).o
|
||||||
endif
|
endif
|
||||||
|
--
|
||||||
|
1.7.11.4
|
||||||
|
|
||||||
|
|
||||||
|
From d1a225668878a3339adcd7ce0be256e857360ada Mon Sep 17 00:00:00 2001
|
||||||
|
From: Josh Boyer <jwboyer@redhat.com>
|
||||||
|
Date: Tue, 26 Jun 2012 16:27:26 -0400
|
||||||
|
Subject: [PATCH 14/14] modsign: Reject unsigned modules in a Secure Boot
|
||||||
|
environment
|
||||||
|
|
||||||
|
If a machine is booted into a Secure Boot environment, we need to
|
||||||
|
protect the trust model. This requires that all modules be signed
|
||||||
|
with a key that is in the kernel's _modsign keyring. We add a
|
||||||
|
capability check and reject modules that are not signed.
|
||||||
|
|
||||||
|
Signed-off-by: Josh Boyer <jwboyer@redhat.com>
|
||||||
|
---
|
||||||
|
kernel/module.c | 4 ++--
|
||||||
|
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/kernel/module.c b/kernel/module.c
|
||||||
|
index de16959..5af69cc 100644
|
||||||
|
--- a/kernel/module.c
|
||||||
|
+++ b/kernel/module.c
|
||||||
|
@@ -2463,7 +2463,7 @@ static int module_sig_check(struct load_info *info,
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Not having a signature is only an error if we're strict. */
|
||||||
|
- if (!err && !info->sig_ok && sig_enforce)
|
||||||
|
+ if (!err && !info->sig_ok && (sig_enforce || !capable(CAP_COMPROMISE_KERNEL)))
|
||||||
|
err = -EKEYREJECTED;
|
||||||
|
return err;
|
||||||
|
|
||||||
|
@@ -2475,7 +2475,7 @@ found_marker:
|
||||||
|
if (err < 0 && fips_enabled)
|
||||||
|
panic("Module verification failed with error %d in FIPS mode\n",
|
||||||
|
err);
|
||||||
|
- if (err == -ENOKEY && !sig_enforce)
|
||||||
|
+ if (err == -ENOKEY && (!sig_enforce && capable(CAP_COMPROMISE_KERNEL)))
|
||||||
|
err = 0;
|
||||||
|
return err;
|
||||||
|
}
|
||||||
|
--
|
||||||
|
1.7.11.4
|
||||||
|
|
16
x509.genkey
Normal file
16
x509.genkey
Normal file
@ -0,0 +1,16 @@
|
|||||||
|
[ req ]
|
||||||
|
default_bits = 4096
|
||||||
|
distinguished_name = req_distinguished_name
|
||||||
|
prompt = no
|
||||||
|
x509_extensions = myexts
|
||||||
|
|
||||||
|
[ req_distinguished_name ]
|
||||||
|
O = Fedora
|
||||||
|
CN = Fedora kernel signing key
|
||||||
|
emailAddress = kernel-team@fedoraproject.org
|
||||||
|
|
||||||
|
[ myexts ]
|
||||||
|
basicConstraints=critical,CA:FALSE
|
||||||
|
keyUsage=digitalSignature
|
||||||
|
subjectKeyIdentifier=hash
|
||||||
|
authorityKeyIdentifier=keyid
|
Loading…
Reference in New Issue
Block a user