Kernel Newbies archive on lore.kernel.org
From: "Valdis Klētnieks" <valdis.kletnieks@vt.edu>
To: WyoFlippa <wyoflippa@gmail.com>
Cc: kernelnewbies@kernelnewbies.org
Subject: Re: Kernel drivers and IOCTLs
Date: Thu, 23 Jan 2020 11:49:26 -0500
Message-ID: <44531.1579798166@turing-police> (raw)
In-Reply-To: <8969dfce-a295-c351-201c-4d8a0e90ac58@gmail.com>

On Tue, 21 Jan 2020 22:27:01 -0600, WyoFlippa said:

> I'm working on a driver that would verify a Linux or U-Boot image is
> secure and I need to pass parameters such as the public key, starting
> address, etc.

This is actually a lot harder to do properly than it looks, especially if
you're trying to export the information to userspace - a compromised kernel can
simply hijack your ioctl or /proc or /sys file and output that it's not
compromised. You can't even easily use public/private keys to sign the
statement it's not compromised, because if the legit kernel has access to the
public key, the compromised code probably does too.....

And if you're defending against sufficiently well-financed attackers, it may
even be difficult for a driver to verify the rest of the kernel isn't
compromised. As a fairly obvious attack, consider a kernel with 2 sets of page
table mappings. First, a set that contains the original kernel code and is
mapped in when your driver is executing, and then the *real* set that maps in
other physical pages containing the skullduggery code, which gets mapped in
when there's something evil being done....

So what *actual* problem are you trying to solve by using a driver to verify
the image is "secure" (which needs further definition, but you probably already
knew that if your skill level is up to doing this right...)?  In particular, what are
you trying to do that various secure boot schemes don't address?


Thread overview: 5+ messages
2020-01-22  4:27 WyoFlippa
2020-01-22 19:04 ` Greg KH
2020-01-23 16:49 ` Valdis Klētnieks [this message]
2020-02-05  2:57   ` WyoFlippa
2020-02-05  4:01     ` Valdis Klētnieks
