From patchwork Wed May 10 18:20:53 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Mehmet Kayaalp
X-Patchwork-Id: 9720465
From: Mehmet Kayaalp
To: David Howells
Cc: David Woodhouse, keyrings, LSM, kernel, Mimi Zohar, Stefan Berger, George Wilson, Mehmet Kayaalp
Subject: [PATCH v5 1/4] KEYS: Insert incompressible bytes to reserve space in bzImage
Date: Wed, 10 May 2017 14:20:53 -0400
X-Mailer: git-send-email 2.7.4
In-Reply-To: <1494440456-28671-1-git-send-email-mkayaalp@linux.vnet.ibm.com>
References: <1494440456-28671-1-git-send-email-mkayaalp@linux.vnet.ibm.com>
Message-Id: <1494440456-28671-2-git-send-email-mkayaalp@linux.vnet.ibm.com>
Sender: owner-linux-security-module@vger.kernel.org

Include a random filled binary in vmlinux at the space reserved with CONFIG_SYSTEM_EXTRA_CERTIFICATE. This results in an uncompressed reserved area inside the bzImage as well, so that it can be replaced with an actual certificate later (after the bzImage is distributed).

The bzImage contains a stripped ELF file with one section containing the compressed vmlinux.
If the reserved space is initially filled with zeros, certificate insertion will cause a size increase in the compressed vmlinux. In that case, reconstructing the bzImage would require relocation. To avoid this situation, the reserved space is initially filled with random bytes. Since a certificate contains some compressible bytes, after insertion the vmlinux will hopefully be compressed to a smaller size. Signed-off-by: Mehmet Kayaalp --- certs/.gitignore | 1 + certs/Makefile | 21 ++++++++++++++++++--- certs/system_certificates.S | 2 +- 3 files changed, 20 insertions(+), 4 deletions(-) diff --git a/certs/.gitignore b/certs/.gitignore index f51aea4..4ecc8dd 100644 --- a/certs/.gitignore +++ b/certs/.gitignore @@ -2,3 +2,4 @@ # Generated files # x509_certificate_list +extra_cert_placeholder diff --git a/certs/Makefile b/certs/Makefile index 4119bb3..ad04feb 100644 --- a/certs/Makefile +++ b/certs/Makefile @@ -15,7 +15,12 @@ ifeq ($(CONFIG_SYSTEM_TRUSTED_KEYRING),y) $(eval $(call config_filename,SYSTEM_TRUSTED_KEYS)) # GCC doesn't include .incbin files in -MD generated dependencies (PR#66871) -$(obj)/system_certificates.o: $(obj)/x509_certificate_list +ifeq ($(CONFIG_SYSTEM_EXTRA_CERTIFICATE),y) +system_certs_incbin = $(obj)/x509_certificate_list $(obj)/extra_cert_placeholder +else +system_certs_incbin = $(obj)/x509_certificate_list +endif +$(obj)/system_certificates.o: $(system_certs_incbin) # Cope with signing_key.x509 existing in $(srctree) not $(objtree) AFLAGS_system_certificates.o := -I$(srctree) 
@@ -23,12 +28,22 @@ AFLAGS_system_certificates.o := -I$(srctree) quiet_cmd_extract_certs = EXTRACT_CERTS $(patsubst "%",%,$(2)) cmd_extract_certs = scripts/extract-cert $(2) $@ || ( rm $@; exit 1) -targets += x509_certificate_list +targets += $(system_certs_incbin) $(obj)/x509_certificate_list: scripts/extract-cert $(SYSTEM_TRUSTED_KEYS_SRCPREFIX)$(SYSTEM_TRUSTED_KEYS_FILENAME) FORCE $(call if_changed,extract_certs,$(SYSTEM_TRUSTED_KEYS_SRCPREFIX)$(CONFIG_SYSTEM_TRUSTED_KEYS)) + +ifeq ($(CONFIG_SYSTEM_EXTRA_CERTIFICATE),y) +# Generate incompressible bytes. Use seed to make it reproducible +quiet_cmd_placeholder = EXTRA_CERT_PLACEHOLDER + cmd_placeholder = perl -e 'srand(0); printf("%c", int(rand(256))) for (1..$(2))' > $@ + +$(obj)/extra_cert_placeholder: FORCE + $(call if_changed,placeholder,$(CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE)) +endif + endif -clean-files := x509_certificate_list .x509.list +clean-files := $(system_certs_incbin) .x509.list ifeq ($(CONFIG_MODULE_SIG),y) ############################################################################### diff --git a/certs/system_certificates.S b/certs/system_certificates.S index c9ceb71..02b9222 100644 --- a/certs/system_certificates.S +++ b/certs/system_certificates.S @@ -17,7 +17,7 @@ __cert_list_end: .globl VMLINUX_SYMBOL(system_extra_cert) .size system_extra_cert, CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE VMLINUX_SYMBOL(system_extra_cert): - .fill CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE, 1, 0 + .incbin "certs/extra_cert_placeholder" .align 4 .globl VMLINUX_SYMBOL(system_extra_cert_used)
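
Review bot: In the first certs/Makefile hunk, system_certs_incbin is built with an $(obj)/ prefix and is then reused further down in `targets += $(system_certs_incbin)` and `clean-files := $(system_certs_incbin) .x509.list`, where the replaced lines used the bare name x509_certificate_list. kbuild prepends $(obj)/ to the entries of targets and clean-files itself, so the prefixed names will not match the generated files and if_changed will rerun the rule on every build; keep a second variable with bare names for those two assignments. The variable is also defined only inside the ifeq ($(CONFIG_SYSTEM_TRUSTED_KEYRING),y) block, while clean-files is assigned after the closing endif, so with the keyring disabled x509_certificate_list drops out of clean-files.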
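
Review bot: The cmd_placeholder command in the second certs/Makefile hunk does not pin the output to exactly $(2) bytes, or to the same bytes on every build host. `printf("%c", ...)` writes characters, so if the build environment enables a UTF-8 output layer (PERL_UNICODE or -C) the values 128..255 come out as two bytes each and the file exceeds CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE; and the rand() sequence after srand(0) is not guaranteed to match across perl versions, which undercuts the "Use seed to make it reproducible" comment. Suggest calling binmode(STDOUT) and emitting the bytes with pack("C", ...), and stating the reproducibility limit in the comment.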
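
Review bot: In certs/system_certificates.S, `.incbin "certs/extra_cert_placeholder"` takes its length from the file, while the `.size system_extra_cert, CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE` line above it still declares the configured size, so nothing ties the two together if the generated file has a different length. Passing the skip and count operands, `.incbin "certs/extra_cert_placeholder", 0, CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE`, or adding a build-time size check would keep the reserved area and the symbol size in agreement. A one-line comment here saying the bytes are incompressible filler to be overwritten by the inserted certificate would also help the next reader.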
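
The size argument made in the commit message, as an added example that is not part of the patch or the kernel tree: it compares the compressed size of an image before and after a certificate is written into a zero-filled versus a random-filled reserved area. The image, the certificate, the 4096-byte size, the zero padding of the unused tail and the use of zlib as the compressor are all constructed assumptions.

```python
import random
import zlib

RESERVED = 4096  # constructed stand-in for CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE


def rand_bytes(n, seed):
    """Deterministic high-entropy bytes (plays the role of the placeholder file)."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(n))


def fake_image(reserved_area):
    """Constructed stand-in for vmlinux: compressible code around the reserved area."""
    body = b"\x55\x48\x89\xe5\x90\x90\xc3" * 3000
    return body + reserved_area + body


def fake_cert(n):
    """Constructed stand-in for a certificate: repetitive name fields plus a
    high-entropy key/signature part, zero-padded to fill the reserved area
    (the padding is an assumption of this example)."""
    names = b"CN=Example Signing Key,O=Example Org,C=US" * 8
    blob = names + rand_bytes(512, seed=1)
    return blob + b"\x00" * (n - len(blob))


def compressed_len(data):
    # zlib (deflate) stands in for whichever compressor the bzImage uses.
    return len(zlib.compress(data, 9))


def size_change(placeholder):
    """Return (compressed size as shipped, compressed size after insertion)."""
    before = compressed_len(fake_image(placeholder))
    after = compressed_len(fake_image(fake_cert(len(placeholder))))
    return before, after


def fits_in_place(placeholder):
    """True when the recompressed image is no larger than the shipped one,
    i.e. it can go back into the bzImage without relocating anything."""
    before, after = size_change(placeholder)
    return after <= before


if __name__ == "__main__":
    for name, ph in (("zeros", bytes(RESERVED)), ("random", rand_bytes(RESERVED, 0))):
        print(name, size_change(ph), "fits" if fits_in_place(ph) else "grows")
```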