diff options
| author | David Howells <dhowells@redhat.com> | 2012-09-26 10:11:03 +0100 | 
|---|---|---|
| committer | Rusty Russell <rusty@rustcorp.com.au> | 2012-10-10 20:06:10 +1030 | 
| commit | 48ba2462ace6072741fd8d0058207d630ce93bf1 (patch) | |
| tree | 3cea7661a3bd5d03631e01171c19f2123346cf01 /tools/perf/scripts/python/syscall-counts.py | |
| parent | 631cc66eb9eaa7296e303197ff1eb0f55e32b61d (diff) | |
MODSIGN: Implement module signature checking
Check the signature on the module against the keys compiled into the kernel or
available in a hardware key store.
Currently, only RSA keys are supported - though that's easy enough to change,
and the signature is expected to contain raw components (so not a PGP or
PKCS#7 formatted blob).
The signature blob is expected to consist of the following pieces in order:
 (1) The binary identifier for the key.  This is expected to match the
     SubjectKeyIdentifier from an X.509 certificate.  Only X.509 type
     identifiers are currently supported.
 (2) The signature data, consisting of a series of MPIs in which each is in
     the format of a 2-byte BE word sizes followed by the content data.
 (3) A 12 byte information block of the form:
	struct module_signature {
		enum pkey_algo		algo : 8;
		enum pkey_hash_algo	hash : 8;
		enum pkey_id_type	id_type : 8;
		u8			__pad;
		__be32			id_length;
		__be32			sig_length;
	};
     The three enums are defined in crypto/public_key.h.
     'algo' contains the public-key algorithm identifier (0->DSA, 1->RSA).
     'hash' contains the digest algorithm identifier (0->MD4, 1->MD5, 2->SHA1,
      etc.).
     'id_type' contains the public-key identifier type (0->PGP, 1->X.509).
     '__pad' should be 0.
     'id_length' should contain in the binary identifier length in BE form.
     'sig_length' should contain in the signature data length in BE form.
     The lengths are in BE order rather than CPU order to make dealing with
     cross-compilation easier.
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> (minor Kconfig fix)
Diffstat (limited to 'tools/perf/scripts/python/syscall-counts.py')
0 files changed, 0 insertions, 0 deletions
