Re: Should we automatically generate a module signing key at all?

From: David Woodhouse
Date: Tue May 19 2015 - 08:47:07 EST


On Tue, 2015-05-19 at 09:53 +0100, David Howells wrote:
>
> Just in Fedora 21:
>
> warthog>rpm -ql kernel-modules | grep [.]ko | wc -l
> 3604
> warthog>rpm -ql kernel-modules-extra | grep [.]ko | wc -l
> 480
>
> So that's >4000 modules, each signed with a SHA256 sum (32 bytes). That's
> more than 125K of unswappable memory. And it's uncompressible as Dave pointed
> out. And that doesn't include any metadata to match a module to a digest, but
> rather assumes we just scan through the entire list comparing against each
> SHA256 sum until we find one that matches.

If you *really* wanted to do it, there might be ways round this
explosion of data.

Perhaps the kernel only contains *one* sha256 - the sha256 of all the
sha256's of all the modules.

Then when one module is loaded, we also have to pass in a table
containing all the other sha256's. The kernel checks the sha256 of
what's being loaded, checks it matches what's in the table that was
also loaded. And then validates the integrity of that table.

I don't much like that idea, mind you.

--
David Woodhouse Open Source Technology Centre
David.Woodhouse@xxxxxxxxx Intel Corporation
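The scheme sketched in the message above (one root digest kept in the kernel, a full table of per-module digests supplied at load time, and a module accepted only if the table authenticates against the root and contains the module's digest), as an added example in Python. It is not code from the email or from the kernel; the function names, the sorted-table layout and the sample module contents are my own constructions.

```python
import hashlib
import hmac
from bisect import bisect_left

DIGEST_LEN = 32  # sha256 output, the per-module cost the email computes


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def build_table(modules):
    """Build the load-time table and the single root the kernel would carry.

    The table is the sorted list of every module's sha256 (sorting makes
    membership a binary search instead of the linear scan the thread
    assumes).  The root is the sha256 over the concatenated sorted digests,
    so only DIGEST_LEN bytes need to live in the kernel image itself.
    """
    digests = sorted(sha256(m) for m in modules)
    root = sha256(b"".join(digests))
    return digests, root


def verify_table(digests, root):
    """Authenticate a caller-supplied table against the in-kernel root.

    Any change to the table (added, removed or swapped digest, or a
    reordering) changes the concatenation and therefore the root.
    """
    if any(len(d) != DIGEST_LEN for d in digests):
        return False
    return hmac.compare_digest(sha256(b"".join(digests)), root)


def verify_module(module, digests, root):
    """Decide whether a module may be loaded.

    Order matters: the table is checked first so that an attacker-supplied
    table cannot be consulted before it is known to be authentic.
    """
    if not verify_table(digests, root):
        return False
    d = sha256(module)
    i = bisect_left(digests, d)
    return i < len(digests) and digests[i] == d


def table_size_bytes(module_count):
    """Resident size of the per-module digest list the email objects to."""
    return module_count * DIGEST_LEN


if __name__ == "__main__":
    # Constructed stand-ins for module images; real .ko files would be read here.
    modules = [b"module A", b"module B", b"module C"]
    table, root = build_table(modules)
    print("root:", root.hex())
    print("load module B:", verify_module(b"module B", table, root))
    print("load module X:", verify_module(b"module X", table, root))
    # A table extended with an extra digest no longer matches the root.
    forged = sorted(table + [sha256(b"module X")])
    print("load module X with forged table:", verify_module(b"module X", forged, root))
    print("bytes for 4084 digests:", table_size_bytes(4084))
```

The table lives only for the duration of the load call, which is what moves the >125K of digests out of permanently resident kernel memory; the trust still rests entirely on the root digest being part of the kernel image that was itself verified.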
