From patchwork Mon May 9 14:25:01 2022
X-Patchwork-Submitter: Juerg Haefliger
X-Patchwork-Id: 1628637
From: Juerg Haefliger
To: kernel-team@lists.ubuntu.com
Subject: [Unstable][PATCH v2 0/3] linux: Staging modules should be unsigned (LP: #1642368)
Date: Mon, 9 May 2022 16:25:01 +0200
Message-Id: <20220509142504.493925-1-juergh@canonical.com>

Modules under the drivers/staging hierarchy get little attention when it
comes to vulnerabilities. It is possible that memory mapping tricks that
expose kernel internals would go unnoticed. Therefore, do not sign staging
modules so that they cannot be loaded in a secure boot environment.

[juergh: The above is the original bug that introduced this feature in
Xenial. We seem to have lost it in Impish probably because of breaking
changes in Makefile.modinst. So bring it back and while at it:
  - Remove modules that are no longer in the staging area from the list.
  - Add a check that verifies that only listed staging modules are signed.]

v2:
  - Move signature-inclusion file to the debian/ directory to keep the
    source tree clean.
  - Strip signatures from unlisted staging drivers in a build rule rather
    than modifying the upstream Makefile to not sign them.
Juerg Haefliger (3):
  UBUNTU: [Packaging] Move and update signature inclusion list
  UBUNTU: [Packaging] Strip signatures from untrusted staging modules
  UBUNTU: [Packaging] Add module-signature-check

 debian/rules.d/2-binary-arch.mk            | 11 +++
 debian/rules.d/4-checks.mk                 | 10 ++-
 debian/scripts/module-signature-check      | 67 +++++++++++++++++++
 .../staging => debian}/signature-inclusion |  7 --
 4 files changed, 87 insertions(+), 8 deletions(-)
 create mode 100755 debian/scripts/module-signature-check
 rename {drivers/staging => debian}/signature-inclusion (73%)

Acked-by: Tim Gardner
Acked-by: Andrea Righi
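The check the third patch describes (only listed staging modules may keep a signature), written here as an added example that is not the series' own debian/scripts/module-signature-check script. It assumes the inclusion list holds one module filename per line and recognises a signed module by the kernel's appended MODULE_SIG_STRING marker; the fixture tree and module names are constructed for the demo.

```shell
#!/bin/sh
# Added example, not Ubuntu's debian/scripts/module-signature-check: flag
# staging modules that carry an appended signature but are not listed in the
# signature-inclusion file. Assumed list format: one module filename per line.

# Every signed module ends with this marker (the kernel's MODULE_SIG_STRING);
# the signature blob and its descriptor sit right before it.
SIG_MARKER='~Module signature appended~'

# Succeed if the file's last 28 bytes are the marker plus newline.
is_signed() {
    tail -c 28 "$1" | grep -q "$SIG_MARKER"
}

# check_staging_signatures <modules-root> <inclusion-file>
# Prints each signed .ko under drivers/staging that is missing from the list;
# returns 1 if any were found, 0 otherwise. Module paths contain no spaces,
# so word-splitting the find output is safe here.
check_staging_signatures() {
    bad=0
    for ko in $(find "$1" -path '*/drivers/staging/*' -name '*.ko' | sort); do
        name=$(basename "$ko")
        if is_signed "$ko" && ! grep -qxF "$name" "$2"; then
            echo "unlisted signed staging module: $name"
            bad=1
        fi
    done
    return $bad
}

# Constructed fixture (fake module files, not real ELF objects) so the check
# can be run offline. Prints the temporary root directory.
make_fixture() {
    root=$(mktemp -d)
    st="$root/lib/modules/0.0-demo/kernel/drivers/staging"
    net="$root/lib/modules/0.0-demo/kernel/net"
    mkdir -p "$st/demo_a" "$st/demo_b" "$net"
    printf 'module body\n%s\n' "$SIG_MARKER" > "$st/demo_a/stg_listed.ko"   # listed, signed
    printf 'module body\n%s\n' "$SIG_MARKER" > "$st/demo_b/stg_unlisted.ko" # unlisted, signed
    printf 'module body\n' > "$st/demo_b/stg_stripped.ko"                    # unlisted, unsigned
    printf 'module body\n%s\n' "$SIG_MARKER" > "$net/core_mod.ko"            # signed, not staging
    printf 'stg_listed.ko\n' > "$root/signature-inclusion"
    echo "$root"
}

if [ "${1:-}" = "--demo" ]; then
    ROOT=$(make_fixture)
    check_staging_signatures "$ROOT" "$ROOT/signature-inclusion"
    rm -rf "$ROOT"
fi
```

Run with `--demo` to see the one unlisted signed module reported; in a packaging build the non-zero exit would fail the checks stage.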