Re: [PATCH V40 04/29] lockdown: Enforce module signatures if the kernel is locked down

From: Matthew Garrett
Date: Wed Sep 04 2019 - 12:58:06 EST


On Fri, Aug 30, 2019 at 9:31 AM David Howells <dhowells@xxxxxxxxxx> wrote:
>
> Matthew Garrett <matthewgarrett@xxxxxxxxxx> wrote:
>
> > enum lockdown_reason {
> > LOCKDOWN_NONE,
> > + LOCKDOWN_MODULE_SIGNATURE,
> > LOCKDOWN_INTEGRITY_MAX,
> > LOCKDOWN_CONFIDENTIALITY_MAX,
> > };
>
> Aren't you mixing disjoint sets?

The goal is to be able to check whether any given lockdown reason is a
matter of integrity or confidentiality in a straightforward way.

> > + [LOCKDOWN_MODULE_SIGNATURE] = "unsigned module loading",
>
> Wouldn't it be better to pass this string as a parameter to
> security_locked_down()?

I thought about that, but it's not how any other LSM hooks behave. I
think it's probably easier to revisit that when we see how other LSMs
want to make use of the data.