MODSIGN: Add FIPS policy If we're in FIPS mode, we should panic if we fail to verify the signature on a module or we're asked to load an unsigned module in signature enforcing mode. Possibly FIPS mode should automatically enable enforcing mode. Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>

commit: 1d0059f3a468825b5fc5405c636a2f6e02707ffa [log] [tgz]
author: David Howells <dhowells@redhat.com> Wed Sep 26 10:09:50 2012 +0100
committer: Rusty Russell <rusty@rustcorp.com.au> Wed Oct 10 20:01:19 2012 +1030
tree: 0eef1243a093410f39564051d8904c8041e1e717
parent: 106a4ee258d14818467829bf0e12aeae14c16cd7 [diff]
diff --git a/kernel/module.c b/kernel/module.c
index 68c564e..0e2da86 100644
--- a/kernel/module.c
+++ b/kernel/module.c

@@ -58,6 +58,7 @@
 #include <linux/jump_label.h>
 #include <linux/pfn.h>
 #include <linux/bsearch.h>
+#include <linux/fips.h>
 #include "module-internal.h"
 
 #define CREATE_TRACE_POINTS
@@ -2447,6 +2448,9 @@
 	}
 
 	/* Not having a signature is only an error if we're strict. */
+	if (err < 0 && fips_enabled)
+		panic("Module verification failed with error %d in FIPS mode\n",
+		      err);
 	if (err == -ENOKEY && !sig_enforce)
 		err = 0;
commit	1d0059f3a468825b5fc5405c636a2f6e02707ffa	[log] [tgz]
author	David Howells <dhowells@redhat.com>	Wed Sep 26 10:09:50 2012 +0100
committer	Rusty Russell <rusty@rustcorp.com.au>	Wed Oct 10 20:01:19 2012 +1030
tree	0eef1243a093410f39564051d8904c8041e1e717
parent	106a4ee258d14818467829bf0e12aeae14c16cd7 [diff]