From patchwork Thu Sep 14 11:27:37 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: "Alessandro Carminati (Red Hat)"
 <alessandro.carminati@gmail.com>
X-Patchwork-Id: 14004
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a05:612c:172:b0:3f2:4152:657d with SMTP id h50csp512852vqi;
        Thu, 14 Sep 2023 10:36:16 -0700 (PDT)
X-Google-Smtp-Source: 
 AGHT+IF4YgKgR7S8B0Z0oxhKadevHOqVRjWAMK8DUTAZSC1ip8SByIMk3PwMXXOEW/v/IokTR+gt
X-Received: by 2002:a05:6a20:3d22:b0:14c:4dfc:9766 with SMTP id
 y34-20020a056a203d2200b0014c4dfc9766mr6857001pzi.46.1694712975782;
        Thu, 14 Sep 2023 10:36:15 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1694712975; cv=none;
        d=google.com; s=arc-20160816;
        b=sS2oCNffqDl6bN/AE997OucSmDl3vJLoUf0+u/tdF7OxjswXuzChq6y2271hMuXPG4
         Oi5Z3bekeiB8JHHYMJOXIeiNEMDckJt/YuEKgUNd3q1hza9+jzM7fzKzu22rzgc+7dfN
         0wZhnPEBu0Q0aNvJ8IWxg7PnsAHWQeG1FWNfGXOVfP2nGle7IMFQTpLp39gv2YRnSCX0
         faBn2zJLGy2/GXz4/xm4y3vewDeILq7wU3aJkVeKBLevFLORLCTYJCUc2lx0MWFuj3xr
         hh3ylAr0hPNVz8qeGDOUvm4r2v6tGyn1WE29s/FW8t1gIW0RRL8bRHJqyypD8Kka8fYb
         lWSA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :message-id:date:subject:cc:to:from:dkim-signature;
        bh=xQ4JSvALWwFERJLvgTZEaGF4FKSCIvpNYYc8CXH5D3Q=;
        fh=5+Fj4/C1BEhc4B3kvYcX4deFZcFigYEq5dS0FMmuoVc=;
        b=FdiUsmNw2V3aPmbgdos4Reda8QXxqngbCmcMPUAyebrxx9xwjCxR7BTizD6nkOMBu1
         fN6nrP1n0K5u7rCQvFxPotsNya/cMQQIhYxisdQgJdYufhTGmchInrorM8WzTRsEnkog
         cGXfMWKklXDghE8pwjRZhwlNcM5dGWQSS7CANns8dO7I8KwGjcexydswNB3fKTGsyULS
         G1BRjEeIjrJ6rJyV3S6sLL15QQKaCV+j1HJ92nJpQzPMYi0d7tDS2IwO5vU2rioMNrCX
         l4XXofUdDWAt3Nj/zmKzkk/7MRctcOqrfJL6hIrjc/1Klm8HVqTmf/wRcxBEBA0J7Zzz
         x4gg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20221208 header.b=aWHFjFUm;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 23.128.96.34 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Received: from howler.vger.email (howler.vger.email. [23.128.96.34])
        by mx.google.com with ESMTPS id
 x63-20020a638642000000b00565617189e2si1774291pgd.839.2023.09.14.10.36.15
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 14 Sep 2023 10:36:15 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 23.128.96.34 as permitted sender) client-ip=23.128.96.34;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20221208 header.b=aWHFjFUm;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 23.128.96.34 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0])
	by howler.vger.email (Postfix) with ESMTP id DBBB78325D2F;
	Thu, 14 Sep 2023 04:28:44 -0700 (PDT)
X-Virus-Status: Clean
X-Virus-Scanned: clamav-milter 0.103.10 at howler.vger.email
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S237808AbjINL2j (ORCPT <rfc822;chrisfriedt@gmail.com>
        + 35 others); Thu, 14 Sep 2023 07:28:39 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36510 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S237872AbjINL20 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 14 Sep 2023 07:28:26 -0400
Received: from mail-wm1-x334.google.com (mail-wm1-x334.google.com
 [IPv6:2a00:1450:4864:20::334])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 58B8E2109;
        Thu, 14 Sep 2023 04:28:18 -0700 (PDT)
Received: by mail-wm1-x334.google.com with SMTP id
 5b1f17b1804b1-401da71b83cso9083515e9.2;
        Thu, 14 Sep 2023 04:28:18 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20221208; t=1694690896; x=1695295696;
 darn=vger.kernel.org;
        h=content-transfer-encoding:mime-version:message-id:date:subject:cc
         :to:from:from:to:cc:subject:date:message-id:reply-to;
        bh=xQ4JSvALWwFERJLvgTZEaGF4FKSCIvpNYYc8CXH5D3Q=;
        b=aWHFjFUmu7LSGmcs1LejzkoRXO/xS3DmcN8e+ZcMY2QmpE5NiegdkFudCexMadWZf2
         D/qLMXeOVpuQ28d6meaAp/iu3r6dt2x7jDbTgAca6Gr4YTtvvedMz/7JWZg0ym8hBNvP
         xD02SwF9eNK0F2aM01su00WUlnwoIIVFE0g/sZhk8Dr3jGXk/5MmfYPieG5Xv2HTQI5z
         hFxQpcBWd0F1R8dtd3eEIUQsQVO74AgwSh0CN+fC4cTt0hxGKUAb1wRzNgD79tXJAho4
         t+lkMh8zZwBh8gMH96lTE/r/cz7TjZTV2r6TNgv4jNIiTJKWbsLXwLJ5ATzRXM0DL5Ie
         FFPQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1694690896; x=1695295696;
        h=content-transfer-encoding:mime-version:message-id:date:subject:cc
         :to:from:x-gm-message-state:from:to:cc:subject:date:message-id
         :reply-to;
        bh=xQ4JSvALWwFERJLvgTZEaGF4FKSCIvpNYYc8CXH5D3Q=;
        b=WiIPoNeTZv0uUPFYl1LFoakNXYQKf3efb7Kc7XCwcGpy4TfXqBacY0FBby1+oVj0Q9
         wHcpF/qaAYKV0gghaoWfE48S5Y0aJNRu0nTqnCfYHfI0CutsSnk76WmuXRhWglp/xgtF
         9E4GIoasMCG9ATlCfiRK/g6o/jvXwHU+PUq3BSCJQsFBUptZj2IStK5X8Tl32rKo501b
         G4kjC/jSDSyJ4gb4VM0lwyrjrdiwJynlTOjfPy1sfsiPv8cMj9wv7D8vvyB14ePsYWQr
         4LKNnbcGGwWEhbYuK8hmh4rV2KKXsn44HQTJjF9Dg6vokSCDl2eUARclm/bYzy3JuiNs
         0/BA==
X-Gm-Message-State: AOJu0YzjtcXgfokzV/znam+Hah89/elzWZbiMpBVaa74QbX6weLf9Dtd
        eS4S64fO6iHISisN+prk4iMw6Aes7frh9Q==
X-Received: by 2002:a1c:7912:0:b0:3fe:2b60:b24e with SMTP id
 l18-20020a1c7912000000b003fe2b60b24emr4484855wme.29.1694690896217;
        Thu, 14 Sep 2023 04:28:16 -0700 (PDT)
Received: from lab.hqhome163.com ([194.183.10.152])
        by smtp.googlemail.com with ESMTPSA id
 l36-20020a05600c1d2400b003fef5402d2dsm4786764wms.8.2023.09.14.04.28.15
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 14 Sep 2023 04:28:15 -0700 (PDT)
From: "Alessandro Carminati (Red Hat)" <alessandro.carminati@gmail.com>
To: linux-modules@vger.kernel.org
Cc: linux-kernel@vger.kernel.org, Luis Chamberlain <mcgrof@kernel.org>,
        Jonathan Corbet <corbet@lwn.net>, linux-doc@vger.kernel.org,
        Alessandro Carminati <alessandro.carminati@gmail.com>
Subject: [RFC PATCH 0/2] Enhancing Boot Speed and Security with Delayed Module
 Signature Verification
Date: Thu, 14 Sep 2023 11:27:37 +0000
Message-Id: <20230914112739.112729-1-alessandro.carminati@gmail.com>
X-Mailer: git-send-email 2.34.1
MIME-Version: 1.0
Content-type: text/plain
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-Greylist: Sender passed SPF test,
 not delayed by milter-greylist-4.6.4 (howler.vger.email [0.0.0.0]);
 Thu, 14 Sep 2023 04:28:44 -0700 (PDT)
X-getmail-retrieved-from-mailbox: INBOX
X-GMAIL-THRID: 1777035353288963436
X-GMAIL-MSGID: 1777035353288963436

This patch sets up a new feature to the Linux kernel to have the ability,
while module signature checking is enabled, to delay the moment where
these signatures are effectively checked. The feature is structure into
two main key points, the feature can be enabled by a new command line
kernel argument, while in delay mode, the kernel waits until the
userspace communicates to start checking signature modules.
This operation can be done by writing a value in a securityfs file,
which works the same as /sys/kernel/security/lockdown.

Patch 1/2: Modules: Introduce boot-time module signature flexibility
The first patch in this set fundamentally alters the kernel's behavior
at boot time by implementing a delayed module signature verification
mechanism. It introduces a new boot-time kernel argument that allows
users to request this delay. By doing so, we aim to capitalize on the
cryptographic checks already performed on the kernel and initrd images
during the secure boot process. As a result, we can significantly
improve the boot speed without compromising system security.

Patch 2/2: docs: Update kernel-parameters.txt for signature verification
enhancement
The second patch is just to update the kernel parameters list
documentation.

Background and Motivation
In certain contexts, boot speed becomes crucial. This patch follows the
recognition that security checks can at times be redundant. Therefore,
it proves valuable to skip those checks that have already been validated.

In a typical Secure Boot startup with an initrd, the bootloader is
responsible for verifying artifacts before relinquishing control. In a
verified initrd image, it is reasonable to assume that its content is
also secure. Consequently, verifying module signatures may be deemed
unnecessary.
This patch introduces a feature to skip signature verification during
the initrd boot phase.

Alessandro Carminati (Red Hat) (2):
  Modules: Introduce boot-time module signature flexibility
  docs: Update kernel-parameters.txt for signature verification
    enhancement

 .../admin-guide/kernel-parameters.txt         |  9 +++
 include/linux/module.h                        |  4 ++
 kernel/module/main.c                          | 14 +++--
 kernel/module/signing.c                       | 56 +++++++++++++++++++
 4 files changed, 77 insertions(+), 6 deletions(-)