Commit ea0b6dcf authored by David Howells's avatar David Howells Committed by Rusty Russell

MODSIGN: Provide Kconfig options

Provide kernel configuration options for module signing.

The following configuration options are added:

     CONFIG_MODULE_SIG_SHA1
     CONFIG_MODULE_SIG_SHA224
     CONFIG_MODULE_SIG_SHA256
     CONFIG_MODULE_SIG_SHA384
     CONFIG_MODULE_SIG_SHA512

These select the cryptographic hash used to digest the data prior to signing.
Additionally, the crypto module selected will be built into the kernel as it
won't be possible to load it as a module without incurring a circular
dependency when the kernel tries to check its signature.
Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
Signed-off-by: default avatarRusty Russell <rusty@rustcorp.com.au>
parent addbcdbb
...@@ -1593,12 +1593,50 @@ config MODULE_SIG ...@@ -1593,12 +1593,50 @@ config MODULE_SIG
is simply appended to the module. For more information see is simply appended to the module. For more information see
Documentation/module-signing.txt. Documentation/module-signing.txt.
!!!WARNING!!! If you enable this option, you MUST make sure that the
module DOES NOT get stripped after being signed. This includes the
debuginfo strip done by some packagers (such as rpmbuild) and
inclusion into an initramfs that wants the module size reduced.
config MODULE_SIG_FORCE config MODULE_SIG_FORCE
bool "Require modules to be validly signed" bool "Require modules to be validly signed"
depends on MODULE_SIG depends on MODULE_SIG
help help
Reject unsigned modules or signed modules for which we don't have a Reject unsigned modules or signed modules for which we don't have a
key. Without this, such modules will simply taint the kernel. key. Without this, such modules will simply taint the kernel.
choice
prompt "Which hash algorithm should modules be signed with?"
depends on MODULE_SIG
help
This determines which sort of hashing algorithm will be used during
signature generation. This algorithm _must_ be built into the kernel
directly so that signature verification can take place. It is not
possible to load a signed module containing the algorithm to check
the signature on that module.
config MODULE_SIG_SHA1
bool "Sign modules with SHA-1"
select CRYPTO_SHA1
config MODULE_SIG_SHA224
bool "Sign modules with SHA-224"
select CRYPTO_SHA256
config MODULE_SIG_SHA256
bool "Sign modules with SHA-256"
select CRYPTO_SHA256
config MODULE_SIG_SHA384
bool "Sign modules with SHA-384"
select CRYPTO_SHA512
config MODULE_SIG_SHA512
bool "Sign modules with SHA-512"
select CRYPTO_SHA512
endchoice
endif # MODULES endif # MODULES
config INIT_ALL_POSSIBLE config INIT_ALL_POSSIBLE
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment