From: Marc Kleine-Budde
To: ptxdist@pengutronix.de
Date: Thu, 1 Apr 2021 08:54:17 +0200
Subject: Re: [ptxdist] [PATCH v3] kernel: proper handle signed modules
In-Reply-To: <20210401055938.GJ8755@pengutronix.de>
List-Id: PTXdist Development Mailing List

On 4/1/21 7:59 AM, Michael Olbrich wrote:
> On Wed, Mar 31, 2021 at 11:37:11AM +0000, Denis Osterland-Heim wrote:
>> If CONFIG_MODULE_SIG_ALL is set in kernelconfig then modules will be
>> automatically signed during the modules_install phase of a kernel build.
>>
>> Signed modules are BRITTLE as the signature is outside of the defined ELF
>> container. Thus they MAY NOT be stripped once the signature is computed
>> and attached. Note the entire module is the signed payload, including any
>> and all debug information present at the time of signing.
>>
>> See: https://www.kernel.org/doc/html/latest/admin-guide/module-signing.html
>> Signed-off-by: Denis Osterland-Heim
>> ---
>> v2 -> v3:
>> - move TARGET_COMPILER_RECORD_SWITCHES to PTXDIST_LOWLEVEL_WRAPPER_BLACKLIST
>
> Marc, what do you think?

lgtm

Marc

-- 
Pengutronix e.K.                 | Marc Kleine-Budde           |
Embedded Linux                   | https://www.pengutronix.de  |
Vertretung West/Dortmund         | Phone: +49-231-2826-924     |
Amtsgericht Hildesheim, HRA 2686 | Fax:   +49-5121-206917-5555 |
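
Added example, not part of the original mail or of the PTXdist patch: a packaging check for the point made in the quoted commit message, that the signature sits outside the ELF container and does not survive later changes to the module. The trailer layout (magic string and 12-byte info struct) is assumed from the kernel's module signing format; the function names and sample bytes are constructed for illustration.

```python
import struct

# Layout of a signed module file: [ELF image][signature][info struct][MAGIC]
MAGIC = b"~Module signature appended~\n"
# struct module_signature: algo, hash, id_type, signer_len, key_id_len,
# 3 pad bytes, big-endian 32-bit signature length (12 bytes in total).
SIG_INFO = struct.Struct(">BBBBB3xI")
PKEY_ID_PKCS7 = 2


def split_signed_module(data):
    """Return (signed_payload, signature), or None if nothing is appended."""
    if not data.endswith(MAGIC):
        return None
    info_end = len(data) - len(MAGIC)
    info_start = info_end - SIG_INFO.size
    if info_start < 0:
        raise ValueError("truncated signature info")
    fields = SIG_INFO.unpack(data[info_start:info_end])
    id_type, sig_len = fields[2], fields[5]
    if id_type != PKEY_ID_PKCS7:
        raise ValueError("unexpected id_type %d" % id_type)
    if sig_len > info_start:
        raise ValueError("signature length exceeds file size")
    sig_start = info_start - sig_len
    return data[:sig_start], data[sig_start:info_start]


def audit(signed_at_build, installed):
    """Compare the module as signed with the copy that ends up in the image."""
    before = split_signed_module(signed_at_build)
    after = split_signed_module(installed)
    if before is None:
        return "not signed at build time"
    if after is None:
        return "signature trailer lost"
    if after != before:
        return "modified after signing"
    return "ok"


# Constructed sample data: a fake ELF image and a placeholder signature blob
# (not a real PKCS#7 structure; nothing here verifies the signature itself).
ELF = b"\x7fELF" + b"\x00" * 12 + b".text" + b".debug_info" * 4
SIG = b"\x30\x82\x00\x04" + b"\xaa" * 4
SIGNED = ELF + SIG + SIG_INFO.pack(0, 0, PKEY_ID_PKCS7, 0, 0, len(SIG)) + MAGIC
# Stand-in for a strip step that removes debug data but keeps the trailer.
STRIPPED = ELF.replace(b".debug_info", b"") + SIGNED[len(ELF):]
print(audit(SIGNED, SIGNED), audit(SIGNED, ELF), audit(SIGNED, STRIPPED), sep=" | ")
```

The check only inspects the appended trailer and the signed bytes; verifying the signature against the kernel's trusted keys is a separate step.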