Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 29 Mar 2017 15:10:52 +0300
From:      Peter Pentchev <roam@ringlet.net>
To:        Eric McCorkle <eric@metricspace.net>
Cc:        "freebsd-hackers@freebsd.org" <freebsd-hackers@FreeBSD.org>, freebsd-security@freebsd.org
Subject:   Re: Proposal for a design for signed kernel/modules/etc
Message-ID:  <20170329121052.l6e7ajvvq6yfltpt@office.storpool.com>
In-Reply-To: <6f6b47ed-84e0-e4c0-9df5-350620cff45b@metricspace.net>
References:  <6f6b47ed-84e0-e4c0-9df5-350620cff45b@metricspace.net>

next in thread | previous in thread | raw e-mail | index | archive | help

--2y6ant3anwcqndju
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Mon, Mar 27, 2017 at 01:54:44PM -0400, Eric McCorkle wrote:
> Hello everyone,
>=20
> The following is a design proposal for signed kernel and kernel module
> loading, both at boot- and runtime (with the possibility open for signed
> executables and libraries if someone wanted to go that route).  I'm
> interested in feedback on the idea before I start actually writing code
> for it.
>=20
> =3D=3D Goals =3D=3D
>=20
[snip]
>=20
> =3D=3D Non-Goals =3D=3D
>=20
[snip]
>=20
> =3D=3D Existing Solution(s) =3D=3D
>=20
[snip]
> While functional, this design doesn't meet the goals I outlined:
>=20
[snip]
> * Finally, the gnupg signature format doesn't actually seem to be
> documented anywhere, or at least not anywhere that doesn't require a lot
> of digging...

Erm, actually, the so-called "gnupg signature format", better known as
"the OpenPGP signature format", is pretty well documented in RFC 4880.
Note that this remark has no bearing on any of your other arguments, or
on your work as a whole; I just wanted to clarify this particular point :)

G'luck,
Peter

--=20
Peter Pentchev  roam@ringlet.net roam@FreeBSD.org pp@storpool.com
PGP key:        http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint 2EE7 A7A5 17FC 124C F115  C354 651E EFB0 2527 DF13

--2y6ant3anwcqndju
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEELuenpRf8EkzxFcNUZR7vsCUn3xMFAljbpEwACgkQZR7vsCUn
3xOT7w/+Ico4GO6e9BFic2UJs4n3cgyo/tzEwbV+JZ75w5uhPHeBmxsQo6q49Bbu
JaCas1w7mPpDIiKK5oBLUTDVSEsHyDfBfBQn6yY7qax/pehi8EAAmxy6cLBj5LNL
4BJUrUbGlJVWe4Y/kxFiCxUhkDYTHzJTv7G2BsQeH/xGDhAnXtcNs7TSpxuTrUK8
jimOKLWNmxUPLuxTPIDuVmzV6nXFc7wrrdiqWOyaxOG7t16auuaou0OHIs0PBxND
ZIXh5OBXQWhIW1DhQBTx5Anmi6oihOzeQSw1Ppt7OMoIbpZVwX+y8VYW6NFDCa9H
1xuLdqsxnMGuUsZw0QAgEfnEU7oFXnmhjcGLFL0AOabk2vP820bLhWNYefBDXlFw
WYW677hrpCnNMT8SphUE4uHURJ93RnSudwRQVpkb6pdRAUr2iIOx3R6gsqJhs7gU
HiUzoiiMhcizKyXRjrYLDL131HD1fCXwk967I7ggcDccfJ3v0FWblacMYsfRy8mT
yS6234vL10tRkFMifQ65s5EVzsfiTUxYJubJhnGBqDWhiWrpytqQogRtgYqBbp3t
zimxG8/jZ/h6eM+BeQuEdz9qqCwCa+Y+fUhV3SA7UEhpJKW3fXkKB6sFTagVjTyD
1pfQ7iUySFdnDDmMvOd/SJFU5jYfWRPUMy38iXD90T4jUSYtd54=
=aH/a
-----END PGP SIGNATURE-----

--2y6ant3anwcqndju--



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20170329121052.l6e7ajvvq6yfltpt>