diff options
| author | David Howells <dhowells@redhat.com> | 2012-09-26 05:09:50 -0400 |
|---|---|---|
| committer | Rusty Russell <rusty@rustcorp.com.au> | 2012-10-10 05:31:20 -0400 |
| commit | ea0b6dcf71d216dc11733ac19b26df0f5d0fd6c2 (patch) | |
| tree | 2b48610cfa37c0f736ab7e019b0370861f59f93a /init | |
| parent | addbcdbbf549c9127c2bbb39caaa08bb47b996f4 (diff) | |
MODSIGN: Provide Kconfig options
Provide kernel configuration options for module signing.
The following configuration options are added:
CONFIG_MODULE_SIG_SHA1
CONFIG_MODULE_SIG_SHA224
CONFIG_MODULE_SIG_SHA256
CONFIG_MODULE_SIG_SHA384
CONFIG_MODULE_SIG_SHA512
These select the cryptographic hash used to digest the data prior to signing.
Additionally, the crypto module selected will be built into the kernel as it
won't be possible to load it as a module without incurring a circular
dependency when the kernel tries to check its signature.
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Diffstat (limited to 'init')
| -rw-r--r-- | init/Kconfig | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/init/Kconfig b/init/Kconfig index fa8ccad1ea43..00d45799dee1 100644 --- a/init/Kconfig +++ b/init/Kconfig | |||
| @@ -1593,12 +1593,50 @@ config MODULE_SIG | |||
| 1593 | is simply appended to the module. For more information see | 1593 | is simply appended to the module. For more information see |
| 1594 | Documentation/module-signing.txt. | 1594 | Documentation/module-signing.txt. |
| 1595 | 1595 | ||
| 1596 | !!!WARNING!!! If you enable this option, you MUST make sure that the | ||
| 1597 | module DOES NOT get stripped after being signed. This includes the | ||
| 1598 | debuginfo strip done by some packagers (such as rpmbuild) and | ||
| 1599 | inclusion into an initramfs that wants the module size reduced. | ||
| 1600 | |||
| 1596 | config MODULE_SIG_FORCE | 1601 | config MODULE_SIG_FORCE |
| 1597 | bool "Require modules to be validly signed" | 1602 | bool "Require modules to be validly signed" |
| 1598 | depends on MODULE_SIG | 1603 | depends on MODULE_SIG |
| 1599 | help | 1604 | help |
| 1600 | Reject unsigned modules or signed modules for which we don't have a | 1605 | Reject unsigned modules or signed modules for which we don't have a |
| 1601 | key. Without this, such modules will simply taint the kernel. | 1606 | key. Without this, such modules will simply taint the kernel. |
| 1607 | |||
| 1608 | choice | ||
| 1609 | prompt "Which hash algorithm should modules be signed with?" | ||
| 1610 | depends on MODULE_SIG | ||
| 1611 | help | ||
| 1612 | This determines which sort of hashing algorithm will be used during | ||
| 1613 | signature generation. This algorithm _must_ be built into the kernel | ||
| 1614 | directly so that signature verification can take place. It is not | ||
| 1615 | possible to load a signed module containing the algorithm to check | ||
| 1616 | the signature on that module. | ||
| 1617 | |||
| 1618 | config MODULE_SIG_SHA1 | ||
| 1619 | bool "Sign modules with SHA-1" | ||
| 1620 | select CRYPTO_SHA1 | ||
| 1621 | |||
| 1622 | config MODULE_SIG_SHA224 | ||
| 1623 | bool "Sign modules with SHA-224" | ||
| 1624 | select CRYPTO_SHA256 | ||
| 1625 | |||
| 1626 | config MODULE_SIG_SHA256 | ||
| 1627 | bool "Sign modules with SHA-256" | ||
| 1628 | select CRYPTO_SHA256 | ||
| 1629 | |||
| 1630 | config MODULE_SIG_SHA384 | ||
| 1631 | bool "Sign modules with SHA-384" | ||
| 1632 | select CRYPTO_SHA512 | ||
| 1633 | |||
| 1634 | config MODULE_SIG_SHA512 | ||
| 1635 | bool "Sign modules with SHA-512" | ||
| 1636 | select CRYPTO_SHA512 | ||
| 1637 | |||
| 1638 | endchoice | ||
| 1639 | |||
| 1602 | endif # MODULES | 1640 | endif # MODULES |
| 1603 | 1641 | ||
| 1604 | config INIT_ALL_POSSIBLE | 1642 | config INIT_ALL_POSSIBLE |