[PATCH 1/2][Cosmic] UBUNTU: SAUCE: (efi-lockdown) module: trust keys from secondary keyring for module signing
Thadeu Lima de Souza Cascardo
cascardo at canonical.com
Fri Oct 26 18:04:09 UTC 2018
On Fri, Oct 26, 2018 at 11:55:15AM -0600, Seth Forshee wrote:
> BugLink: https://bugs.launchpad.net/bugs/1798863
>
> For signing dkms modules we use a machine owner key whose public
> half is enrolled into shim. This gets imported into the kernel's
> secondary keyring, thus keys in this keyring need to be trusted
> for module signing.
>
> Unfortunately the revision of the "secure boot lockdown" patches
> imported into cosmic had a bug whereby keys in the secondary
> keyring are not trusted for module signing. Another bug resulted
> in the modules still being loaded under lockdown, so before
> fixing that bug we need to fix the bug with trusting the MOK for
> module signing so that dkms modules sigend with the MOK will
> continue to load.
>
> CVE-2018-18653
>
> Signed-off-by: Seth Forshee <seth.forshee at canonical.com>
> ---
> kernel/module_signing.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/kernel/module_signing.c b/kernel/module_signing.c
> index 937c844bee4a..d3d6f95a96b4 100644
> --- a/kernel/module_signing.c
> +++ b/kernel/module_signing.c
> @@ -81,6 +81,6 @@ int mod_verify_sig(const void *mod, unsigned long *_modlen)
> }
>
> return verify_pkcs7_signature(mod, modlen, mod + modlen, sig_len,
> - NULL, VERIFYING_MODULE_SIGNATURE,
> + (void *)1UL, VERIFYING_MODULE_SIGNATURE,
> NULL, NULL);
> }
> --
> 2.19.1
Shouldn't we be using VERIFY_USE_SECONDARY_KEYRING instead? It's defined on cosmic.
include/linux/verification.h:#define VERIFY_USE_SECONDARY_KEYRING ((struct key *)1UL)
More information about the kernel-team
mailing list