Commit 1d0059f3 authored by David Howells's avatar David Howells Committed by Rusty Russell

MODSIGN: Add FIPS policy

If we're in FIPS mode, we should panic if we fail to verify the signature on a
module or we're asked to load an unsigned module in signature enforcing mode.
Possibly FIPS mode should automatically enable enforcing mode.
Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
Signed-off-by: default avatarRusty Russell <rusty@rustcorp.com.au>
parent 106a4ee2
...@@ -58,6 +58,7 @@ ...@@ -58,6 +58,7 @@
#include <linux/jump_label.h> #include <linux/jump_label.h>
#include <linux/pfn.h> #include <linux/pfn.h>
#include <linux/bsearch.h> #include <linux/bsearch.h>
#include <linux/fips.h>
#include "module-internal.h" #include "module-internal.h"
#define CREATE_TRACE_POINTS #define CREATE_TRACE_POINTS
...@@ -2447,6 +2448,9 @@ static int module_sig_check(struct load_info *info, ...@@ -2447,6 +2448,9 @@ static int module_sig_check(struct load_info *info,
} }
/* Not having a signature is only an error if we're strict. */ /* Not having a signature is only an error if we're strict. */
if (err < 0 && fips_enabled)
panic("Module verification failed with error %d in FIPS mode\n",
err);
if (err == -ENOKEY && !sig_enforce) if (err == -ENOKEY && !sig_enforce)
err = 0; err = 0;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment