MODSIGN: Add FIPS policy

If we're in FIPS mode, we should panic if we fail to verify the signature on a module or we're asked to load an unsigned module in signature enforcing mode. Possibly FIPS mode should automatically enable enforcing mode. Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>

MODSIGN: Add FIPS policy
If we're in FIPS mode, we should panic if we fail to verify the signature on a module or we're asked to load an unsigned module in signature enforcing mode. Possibly FIPS mode should automatically enable enforcing mode. Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
1d0059f3 · David Howells · Rusty Russell · 106a4ee2 · 1d0059f3
Commit 1d0059f3 authored Sep 26, 2012 by David Howells Committed by Rusty Russell Oct 10, 2012
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 0 deletions

kernel/module.c kernel/module.c +4 -0

No files found.
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -58,6 +58,7 @@
 #include <linux/jump_label.h>
 #include <linux/pfn.h>
 #include <linux/bsearch.h>
+#include <linux/fips.h>
 #include "module-internal.h"

 #define CREATE_TRACE_POINTS
@@ -2447,6 +2448,9 @@ static int module_sig_check(struct load_info *info,
 	}

 	/* Not having a signature is only an error if we're strict. */
+	if (err < 0 && fips_enabled)
+		panic("Module verification failed with error %d in FIPS mode\n",
+		      err);
 	if (err == -ENOKEY && !sig_enforce)
 		err = 0;