From: David Howells <dhowells@redhat.com>
To: "Luis R. Rodriguez" <mcgrof@suse.com>
Cc: dhowells@redhat.com, Andy Lutomirski <luto@kernel.org>,
linux-security-module@vger.kernel.org, james.l.morris@oracle.com,
serge@hallyn.com, linux-kernel@vger.kernel.org,
linux-wireless@vger.kernel.org, Kyle McMartin <kyle@kernel.org>,
David Woodhouse <david.woodhouse@intel.com>,
Seth Forshee <seth.forshee@canonical.com>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Joey Lee <jlee@suse.de>, Rusty Russell <rusty@rustcorp.com.au>,
zohar@linux.vnet.ibm.com, mricon@kernel.org,
Michal Marek <mmarek@suse.cz>,
Abelardo Ricart III <aricart@memnix.com>,
Sedat Dilek <sedat.dilek@gmail.com>,
keyrings@linux-nfs.org, Borislav Petkov <bp@alien8.de>,
Jiri Kosina <jkosina@suse.cz>,
Linus Torvalds <torvalds@linux-foundation.org>
Subject: Re: [RFD] linux-firmware key arrangement for firmware signing
Date: Thu, 21 May 2015 16:51:49 +0100 [thread overview]
Message-ID: <9567.1432223509@warthog.procyon.org.uk> (raw)
In-Reply-To: <20150519221128.GP23057@wotan.suse.de>
Luis R. Rodriguez <mcgrof@suse.com> wrote:
> I had this planned out because regulatory.bin used its own simple RSA key
> with no x509 juju magic. I also envisioned it being easier for Kyle for
> instance to use his own PGP key to sign linux-firmware files to start off
> with than some complex x509 thing. Based on discussions with David, Seth,
> and Kyle though it seems we were going to be happy with trusting Kyle's key
> for regulatory.bin, since that will be done Kyle might as well sign all
> linux-firmware files and folks who trust that can use it.
To go down the signature root, what the kernel needs is:
(1) A way to get a key into the kernel. We're currently using X.509 for this
for module signing and kexec.
(2) A way to get a signature into the kernel with sufficient metadata to
select the key to use. Currently, kexec uses PKCS#7 for this and module
signing uses a private format which I'm intending to change to PKCS#7.
For firmware, I think Andy is right and we also need to include in the
metadata something that says under what circumstances the firmware can be
used - likely the name that is passed to request_firmware() - which must
also be included in the digested data.
I don't believe that module signing actually requires a hint of this type
since we have to permit insmod to work and there won't be a hint we can
trust. Besides, once verified, modules have to be loadable by the module
loader which is probably a sufficient restriction in itself.
I don't believe that kexec signing requires a name hint either since I
think the only restriction on what we're allowed to kexec is that it must
be bootable from the beginning - and must be a PE binary on x86 type
platforms.
I do have patches to parse PGP key data and add the public keys found therein
onto the kernel keyring, but that would mean adding an extra key data parser.
You could probably do this with the integrity functions - but turning them on
has a performance cost and you have to load things in the right order as I
understand it.
The hash list idea for firmware really isn't a starter for a distribution like
Fedora and especially RHEL. We would have to crank out a new set of kernels
any time anyone released a new firmware that someone might want to load since
the hash list is effectively dependent on *all* the firmware blobs. Further,
you cannot ever discard any entries as you would potentially prevent someone's
system from booting if you did.
> > 3. PKCS#1 v1.5, really? PKCS#1 v1.5 is known to be insecure unless
> > very cafefully validated. For example:
> >
> > https://www.imperialviolet.org/2014/09/26/pkcs1.html
> >
> > Could we please consider using a signature scheme with a security proof?
>
> I'm fine with going with some other alternative, now what do you have in mind?
We can look at moving to PKCS#1 v2.1 and using RSASSA-PSS. The main
difficulty is persuading openssl that it wants to do that.
Andy Lutomirski <luto@amacapital.net> wrote:
> RSA-PSS, ECDSA over P-256, or Ed25519. The IRTF CFRG is expected to
> publish an RFC for a modern signature scheme any day^Wmonth^Wyear now,
> too.
These are public key algorithms, not message/certificate formats, so comparing
X.509 or PKCS#7 to ECDSA or Ed25519 is not valid.
David
next prev parent reply other threads:[~2015-05-21 15:52 UTC|newest]
Thread overview: 61+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-05-19 20:02 [RFD] linux-firmware key arrangement for firmware signing Luis R. Rodriguez
2015-05-19 20:40 ` Luis R. Rodriguez
2015-05-19 20:59 ` Andy Lutomirski
2015-05-19 22:11 ` Luis R. Rodriguez
2015-05-19 22:40 ` Andy Lutomirski
2015-05-19 23:30 ` Julian Calaby
2015-05-19 23:42 ` Andy Lutomirski
2015-05-20 0:39 ` Luis R. Rodriguez
2015-05-20 0:41 ` Andy Lutomirski
2015-05-21 22:26 ` Luis R. Rodriguez
2015-05-21 23:15 ` Casey Schaufler
2015-05-21 15:51 ` David Howells [this message]
2015-05-21 16:30 ` Mimi Zohar
2015-05-21 16:39 ` Andy Lutomirski
2015-05-21 16:51 ` Petko Manolov
2015-05-21 16:55 ` Andy Lutomirski
2015-05-21 17:44 ` Petko Manolov
2015-05-21 16:43 ` Petko Manolov
2015-05-21 16:48 ` Andy Lutomirski
2015-05-21 16:58 ` Petko Manolov
2015-05-21 16:59 ` Mimi Zohar
2015-05-19 21:48 ` Mimi Zohar
2015-05-19 22:19 ` Luis R. Rodriguez
2015-05-19 23:37 ` Mimi Zohar
2015-05-20 0:22 ` Luis R. Rodriguez
2015-05-20 1:06 ` Mimi Zohar
2015-05-20 1:29 ` Andy Lutomirski
2015-05-20 2:05 ` Mimi Zohar
2015-05-20 2:10 ` Andy Lutomirski
2015-05-20 15:49 ` Petko Manolov
2015-05-20 16:08 ` Petko Manolov
2015-05-20 14:04 ` Seth Forshee
2015-05-20 16:24 ` One Thousand Gnomes
2015-05-20 16:46 ` Petko Manolov
2015-05-21 4:41 ` Greg Kroah-Hartman
2015-05-21 5:41 ` Petko Manolov
2015-05-21 6:14 ` Greg Kroah-Hartman
2015-05-21 13:05 ` Mimi Zohar
2015-05-21 15:45 ` Greg Kroah-Hartman
2015-05-21 15:53 ` Petko Manolov
2015-05-21 16:57 ` Greg Kroah-Hartman
2015-05-26 17:08 ` One Thousand Gnomes
2015-05-26 19:15 ` Petko Manolov
2015-05-26 19:52 ` Mimi Zohar
2015-05-26 23:06 ` David Howells
2015-05-21 16:03 ` Woodhouse, David
2015-05-21 16:22 ` Mimi Zohar
2015-05-21 16:31 ` Woodhouse, David
2015-05-21 17:02 ` gregkh
2015-05-21 17:14 ` Petko Manolov
2015-05-21 18:23 ` Luis R. Rodriguez
2015-05-21 18:30 ` Luis R. Rodriguez
2015-05-21 19:32 ` Woodhouse, David
2015-05-21 17:49 ` Luis R. Rodriguez
2015-05-21 14:45 ` Petko Manolov
2015-05-21 22:50 ` Luis R. Rodriguez
2015-05-20 20:35 ` Kyle McMartin
2015-05-20 15:08 ` David Howells
2015-05-20 15:47 ` Seth Forshee
2015-05-21 16:23 ` David Howells
2015-05-20 15:14 ` David Howells
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=9567.1432223509@warthog.procyon.org.uk \
--to=dhowells@redhat.com \
--cc=aricart@memnix.com \
--cc=bp@alien8.de \
--cc=david.woodhouse@intel.com \
--cc=gregkh@linuxfoundation.org \
--cc=james.l.morris@oracle.com \
--cc=jkosina@suse.cz \
--cc=jlee@suse.de \
--cc=keyrings@linux-nfs.org \
--cc=kyle@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=linux-wireless@vger.kernel.org \
--cc=luto@kernel.org \
--cc=mcgrof@suse.com \
--cc=mmarek@suse.cz \
--cc=mricon@kernel.org \
--cc=rusty@rustcorp.com.au \
--cc=sedat.dilek@gmail.com \
--cc=serge@hallyn.com \
--cc=seth.forshee@canonical.com \
--cc=torvalds@linux-foundation.org \
--cc=zohar@linux.vnet.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).