From: Stefan Berger <stefanb@linux.ibm.com>
To: Linus Torvalds <torvalds@linux-foundation.org>,
Jarkko Sakkinen <jarkko@kernel.org>
Cc: Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
linux-integrity <linux-integrity@vger.kernel.org>,
James Morris James Morris <jmorris@namei.org>,
David Howells <dhowells@redhat.com>,
Peter Huewe <peterhuewe@gmx.de>
Subject: Re: [GIT PULL] TPM DEVICE DRIVER changes for v5.14
Date: Mon, 28 Jun 2021 14:33:14 -0400 [thread overview]
Message-ID: <8de9d45e-4389-8316-b0d0-e9a43be9fade@linux.ibm.com> (raw)
In-Reply-To: <CAHk-=whhEf=xJz=rdcLWNnRU1uR6Ft-mn6xNrOg3OcQ=5cX6BQ@mail.gmail.com>
On 6/28/21 1:34 PM, Linus Torvalds wrote:
> On Wed, Jun 23, 2021 at 6:56 AM Jarkko Sakkinen <jarkko@kernel.org> wrote:
>> Contains bug fixes for TPM, and support for signing modules using elliptic
>> curve keys, which I promised to pick up to my tree.
> I pulled this, but then I looked at the key type changes, and that
> made me so scared that I unpulled it again.
>
> In particular, that code will do
>
> shell rm -f $(CONFIG_MODULE_SIG_KEY)
>
> from the Makefile if some config options have changed.
I suppose it is from this part here.
+# Support user changing key type
+ifdef CONFIG_MODULE_SIG_KEY_TYPE_ECDSA
+keytype_openssl = -newkey ec -pkeyopt ec_paramgen_curve:secp384r1
+ifeq ($(openssl_available),yes)
+$(if $(findstring id-ecPublicKey,$(X509TEXT)),,$(shell rm -f
$(CONFIG_MODULE_SIG_KEY)))
+endif
+endif # CONFIG_MODULE_SIG_KEY_TYPE_ECDSA
+
+ifdef CONFIG_MODULE_SIG_KEY_TYPE_RSA
+ifeq ($(openssl_available),yes)
$(if $(findstring rsaEncryption,$(X509TEXT)),,$(shell rm -f
$(CONFIG_MODULE_SIG_KEY)))
endif
+endif # CONFIG_MODULE_SIG_KEY_TYPE_RSA
If the user changed the build option from an ECDSA module signing key to
an RSA signing key or vice versa then this code deletes the current
signing key and subsequent code in the Makefile will create an RSA or
ECDSA signing key following the user's choice. I suppose this is
expected behavior that when a user chooses an RSA signing key it will
use an RSA signing key. Maybe we should make a backup copy of the
previous key, if that helps.
>
> That just seems too broken for words. Maybe I misunderstand this, but
> this really seems like an easy mistake might cause the kernel build to
> actively start removing some random user key files that the user
> pointed at previously.
The removal is triggered by the user changing the type of key from what
is in the keyfile.
Stefan
>
> Linus
next prev parent reply other threads:[~2021-06-28 18:33 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-06-23 13:56 [GIT PULL] TPM DEVICE DRIVER changes for v5.14 Jarkko Sakkinen
2021-06-28 17:34 ` Linus Torvalds
2021-06-28 18:33 ` Stefan Berger [this message]
2021-06-28 19:11 ` Linus Torvalds
2021-06-28 19:21 ` Stefan Berger
2021-06-28 19:27 ` Linus Torvalds
2021-06-28 19:35 ` Stefan Berger
2021-06-29 20:20 ` Jarkko Sakkinen
2021-06-29 21:08 ` Linus Torvalds
2021-06-29 21:10 ` Jarkko Sakkinen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=8de9d45e-4389-8316-b0d0-e9a43be9fade@linux.ibm.com \
--to=stefanb@linux.ibm.com \
--cc=dhowells@redhat.com \
--cc=jarkko@kernel.org \
--cc=jmorris@namei.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=peterhuewe@gmx.de \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).