module: signature checking hook
We do a very simple search for a particular string appended to the module (which is cache-hot and about to be SHA'd anyway). There's both a config option and a boot parameter which control whether we accept or fail with unsigned modules and modules that are signed with an unknown key. If module signing is enabled, the kernel will be tainted if a module is loaded that is unsigned or has a signature for which we don't have the key. (Useful feedback and tweaks by David Howells <dhowells@redhat.com>) Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
This commit is contained in:
Rusty Russell
parent
c26fd69fa0
commit
106a4ee258
7 changed files with 157 additions and 1 deletions
|
|
@ -21,6 +21,9 @@
|
|||
#include <linux/percpu.h>
|
||||
#include <asm/module.h>
|
||||
|
||||
/* In stripped ARM and x86-64 modules, ~ is surprisingly rare. */
|
||||
#define MODULE_SIG_STRING "~Module signature appended~\n"
|
||||
|
||||
/* Not Yet Implemented */
|
||||
#define MODULE_SUPPORTED_DEVICE(name)
|
||||
|
||||
|
|
@ -260,6 +263,11 @@ struct module
|
|||
const unsigned long *unused_gpl_crcs;
|
||||
#endif
|
||||
|
||||
#ifdef CONFIG_MODULE_SIG
|
||||
/* Signature was verified. */
|
||||
bool sig_ok;
|
||||
#endif
|
||||
|
||||
/* symbols that will be GPL-only in the near future. */
|
||||
const struct kernel_symbol *gpl_future_syms;
|
||||
const unsigned long *gpl_future_crcs;
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue