Kernel Module Signing


Today I will talk about one of the most interesting security features of Linux
kernel modules.

The Linux kernel allows modules to be loaded and unloaded dynamically. These
modules can be built in-tree or out-of-tree. From a security point of view, you
may think that this facility can lead to malicious modules being inserted into
the kernel. You might have noticed that only the superuser can load modules, but
that is not always the case: your hotplug tool loads modules on your behalf.
Generally we want more security on top of this, inside the kernel, to prevent
it. It is called “Kernel Module Signing”.

The kernel module signing facility cryptographically signs modules at build time,
and the kernel checks the signature when a module is loaded. This increases
kernel security by keeping untrusted modules out of the kernel.

It uses RSA public-key cryptography along with a hashing algorithm to sign a
module. To enable this feature, select “CONFIG_MODULE_SIG” under loadable module
support in the kernel configuration.

You have complete control over what happens to modules that are not signed or
are signed incorrectly. You can either refuse to load such a module, or load it
and have the kernel marked as tainted.

If you are interested in looking at the source code, see kernel/module.c, and
for more information see Documentation/module-signing.txt.
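
As an added illustration (not code from this post or from the kernel tree): a
signed module is the module file followed by the signature data, a 12-byte
descriptor and the marker string "~Module signature appended~\n". The C sketch
below locates and sanity-checks that trailer, which is the step that has to
succeed before any signature can be verified; modsig_parse and
struct modsig_info are names made up for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MODSIG_MAGIC     "~Module signature appended~\n"
#define MODSIG_MAGIC_LEN (sizeof(MODSIG_MAGIC) - 1)
#define MODSIG_HDR_LEN   12 /* algo, hash, id_type, signer_len, key_id_len, pad[3], be32 sig_len */

struct modsig_info {        /* hypothetical result type for this example */
    uint8_t  id_type;       /* 0 = PGP, 1 = X.509, 2 = PKCS#7 */
    uint32_t sig_len;       /* length of the signature data */
    size_t   payload_len;   /* length of the module itself (the signed bytes) */
};

/* Returns 1 for a well-formed trailer, 0 if the file carries no marker
 * (unsigned), -1 if the marker is present but the lengths are inconsistent. */
int modsig_parse(const uint8_t *buf, size_t len, struct modsig_info *out)
{
    if (len < MODSIG_MAGIC_LEN ||
        memcmp(buf + len - MODSIG_MAGIC_LEN, MODSIG_MAGIC, MODSIG_MAGIC_LEN) != 0)
        return 0;
    len -= MODSIG_MAGIC_LEN;
    if (len < MODSIG_HDR_LEN)
        return -1;
    const uint8_t *h = buf + len - MODSIG_HDR_LEN;
    len -= MODSIG_HDR_LEN;
    uint32_t sig_len = (uint32_t)h[8] << 24 | (uint32_t)h[9] << 16 |
                       (uint32_t)h[10] << 8 | h[11];
    size_t extra = (size_t)h[3] + h[4]; /* signer name + key id (older layout) */
    if (sig_len == 0 || sig_len > len || extra > len - sig_len)
        return -1;          /* empty, or claims more data than the file holds */
    out->id_type = h[2];
    out->sig_len = sig_len;
    out->payload_len = len - sig_len - extra;
    return 1;
}

int main(void)
{
    /* Constructed sample: 4 "module" bytes, 3 signature bytes, descriptor, marker. */
    uint8_t img[4 + 3 + MODSIG_HDR_LEN + MODSIG_MAGIC_LEN] = {
        'E', 'L', 'F', '!', 0xAA, 0xBB, 0xCC, 0, 0, 2, 0, 0, 0, 0, 0, 0, 0, 0, 3 };
    memcpy(img + 19, MODSIG_MAGIC, MODSIG_MAGIC_LEN);
    struct modsig_info mi = { 0 };
    int rc = modsig_parse(img, sizeof img, &mi);
    printf("rc=%d id_type=%u sig_len=%u payload_len=%zu\n",
           rc, (unsigned)mi.id_type, (unsigned)mi.sig_len, mi.payload_len);
    return 0;
}
```

A well-formed trailer only means the file claims to be signed. Whether the
module is accepted is decided by the kernel's own verification of the signature
against the keys it trusts.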

Enjoy!
