diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2012-10-14 16:39:34 -0400 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2012-10-14 16:39:34 -0400 |
| commit | d25282d1c9b9bc4cda7f9d3c0205108e99aa7a9d (patch) | |
| tree | f414482d768b015a609924293b779b4ad0b8f764 /init/Kconfig | |
| parent | b6eea87fc6850d3531a64a27d2323a4498cd4e43 (diff) | |
| parent | dbadc17683e6c673a69b236c0f041b931cc55c42 (diff) | |
Merge branch 'modules-next' of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux
Pull module signing support from Rusty Russell:
"module signing is the highlight, but it's an all-over David Howells frenzy..."
Hmm "Magrathea: Glacier signing key". Somebody has been reading too much HHGTTG.
* 'modules-next' of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux: (37 commits)
X.509: Fix indefinite length element skip error handling
X.509: Convert some printk calls to pr_devel
asymmetric keys: fix printk format warning
MODSIGN: Fix 32-bit overflow in X.509 certificate validity date checking
MODSIGN: Make mrproper should remove generated files.
MODSIGN: Use utf8 strings in signer's name in autogenerated X.509 certs
MODSIGN: Use the same digest for the autogen key sig as for the module sig
MODSIGN: Sign modules during the build process
MODSIGN: Provide a script for generating a key ID from an X.509 cert
MODSIGN: Implement module signature checking
MODSIGN: Provide module signing public keys to the kernel
MODSIGN: Automatically generate module signing keys if missing
MODSIGN: Provide Kconfig options
MODSIGN: Provide gitignore and make clean rules for extra files
MODSIGN: Add FIPS policy
module: signature checking hook
X.509: Add a crypto key parser for binary (DER) X.509 certificates
MPILIB: Provide a function to read raw data into an MPI
X.509: Add an ASN.1 decoder
X.509: Add simple ASN.1 grammar compiler
...
Diffstat (limited to 'init/Kconfig')
| -rw-r--r-- | init/Kconfig | 68 |
1 files changed, 68 insertions, 0 deletions
diff --git a/init/Kconfig b/init/Kconfig index 89e4cf672df..6fdd6e33932 100644 --- a/init/Kconfig +++ b/init/Kconfig | |||
| @@ -1574,6 +1574,66 @@ config MODULE_SRCVERSION_ALL | |||
| 1574 | the version). With this option, such a "srcversion" field | 1574 | the version). With this option, such a "srcversion" field |
| 1575 | will be created for all modules. If unsure, say N. | 1575 | will be created for all modules. If unsure, say N. |
| 1576 | 1576 | ||
| 1577 | config MODULE_SIG | ||
| 1578 | bool "Module signature verification" | ||
| 1579 | depends on MODULES | ||
| 1580 | select KEYS | ||
| 1581 | select CRYPTO | ||
| 1582 | select ASYMMETRIC_KEY_TYPE | ||
| 1583 | select ASYMMETRIC_PUBLIC_KEY_SUBTYPE | ||
| 1584 | select PUBLIC_KEY_ALGO_RSA | ||
| 1585 | select ASN1 | ||
| 1586 | select OID_REGISTRY | ||
| 1587 | select X509_CERTIFICATE_PARSER | ||
| 1588 | help | ||
| 1589 | Check modules for valid signatures upon load: the signature | ||
| 1590 | is simply appended to the module. For more information see | ||
| 1591 | Documentation/module-signing.txt. | ||
| 1592 | |||
| 1593 | !!!WARNING!!! If you enable this option, you MUST make sure that the | ||
| 1594 | module DOES NOT get stripped after being signed. This includes the | ||
| 1595 | debuginfo strip done by some packagers (such as rpmbuild) and | ||
| 1596 | inclusion into an initramfs that wants the module size reduced. | ||
| 1597 | |||
| 1598 | config MODULE_SIG_FORCE | ||
| 1599 | bool "Require modules to be validly signed" | ||
| 1600 | depends on MODULE_SIG | ||
| 1601 | help | ||
| 1602 | Reject unsigned modules or signed modules for which we don't have a | ||
| 1603 | key. Without this, such modules will simply taint the kernel. | ||
| 1604 | |||
| 1605 | choice | ||
| 1606 | prompt "Which hash algorithm should modules be signed with?" | ||
| 1607 | depends on MODULE_SIG | ||
| 1608 | help | ||
| 1609 | This determines which sort of hashing algorithm will be used during | ||
| 1610 | signature generation. This algorithm _must_ be built into the kernel | ||
| 1611 | directly so that signature verification can take place. It is not | ||
| 1612 | possible to load a signed module containing the algorithm to check | ||
| 1613 | the signature on that module. | ||
| 1614 | |||
| 1615 | config MODULE_SIG_SHA1 | ||
| 1616 | bool "Sign modules with SHA-1" | ||
| 1617 | select CRYPTO_SHA1 | ||
| 1618 | |||
| 1619 | config MODULE_SIG_SHA224 | ||
| 1620 | bool "Sign modules with SHA-224" | ||
| 1621 | select CRYPTO_SHA256 | ||
| 1622 | |||
| 1623 | config MODULE_SIG_SHA256 | ||
| 1624 | bool "Sign modules with SHA-256" | ||
| 1625 | select CRYPTO_SHA256 | ||
| 1626 | |||
| 1627 | config MODULE_SIG_SHA384 | ||
| 1628 | bool "Sign modules with SHA-384" | ||
| 1629 | select CRYPTO_SHA512 | ||
| 1630 | |||
| 1631 | config MODULE_SIG_SHA512 | ||
| 1632 | bool "Sign modules with SHA-512" | ||
| 1633 | select CRYPTO_SHA512 | ||
| 1634 | |||
| 1635 | endchoice | ||
| 1636 | |||
| 1577 | endif # MODULES | 1637 | endif # MODULES |
| 1578 | 1638 | ||
| 1579 | config INIT_ALL_POSSIBLE | 1639 | config INIT_ALL_POSSIBLE |
| @@ -1607,4 +1667,12 @@ config PADATA | |||
| 1607 | config BROKEN_RODATA | 1667 | config BROKEN_RODATA |
| 1608 | bool | 1668 | bool |
| 1609 | 1669 | ||
| 1670 | config ASN1 | ||
| 1671 | tristate | ||
| 1672 | help | ||
| 1673 | Build a simple ASN.1 grammar compiler that produces a bytecode output | ||
| 1674 | that can be interpreted by the ASN.1 stream decoder and used to | ||
| 1675 | inform it as to what tags are to be expected in a stream and what | ||
| 1676 | functions to call on what tags. | ||
| 1677 | |||
| 1610 | source "kernel/Kconfig.locks" | 1678 | source "kernel/Kconfig.locks" |