This is the mail archive of the
elfutils-devel@sourceware.org
mailing list for the elfutils project.
Adding a Cryptographic Signature to a Linux Kernel Module
- From: Dave Brolley <brolley at redhat dot com>
- To: elfutils-devel at lists dot fedorahosted dot org
- Date: Thu, 12 Feb 2009 14:58:50 -0500
- Subject: Adding a Cryptographic Signature to a Linux Kernel Module
Hi,
I'm working on a compilation server for Systemtap
(http://sources.redhat.com/systemtap). This server analyzes and compiles
Systemtap scripts and returns the resulting kernel module (.ko) to the
client. We would like to have the server cryptographically sign the
resulting module for security reasons (tampering) and also for
certification reasons. This would allow a local sysadmin to authorize
the loading of modules created by a given server on his system, provided
that certain restrictions are met.
We are considering an idea proposed by Roland McGrath in which the
server would use NSS libraries to create the signature of the module and
then add that signature to a special section of the module using
elfutils. The client would then extract (remove) the signature and use
it to verify the original module against a local certificate database.
Roland suggested during a Red Hat Systemtap meeting that there is a
"right way to do this" and that he had some ideas, but he also suggested
starting a public discussion for additional input.
So, if you have ideas, comments, concerns about the "right way" of
implementing this plan or have a better idea then, please, let's talk
about it.
Dave