Proposal for a design for signed kernel/modules/etc
    Eric McCorkle 
    eric at metricspace.net
       
    Mon Apr 24 23:38:14 UTC 2017
    
    
  
On 03/27/2017 15:53, Eric McCorkle wrote:
> On 03/27/2017 14:37, Shawn Webb wrote:
>> Hey Eric,
>>
>> Thank you for writing this! ELF binary signing has been on my
>> ever-growing list of things to research and develop. If you'd like help,
>> please let me know.
> 
> I'll probably spin up a branch on my github in the near future.
I've gotten an implementation of the signelf utility working well enough
to sign some binaries.  You can check it out yourself here:
https://github.com/emc2/freebsd/tree/elf_signing
I also fixed two bugs in libelf in the process :D  However, that means
you'll need to build and install libelf from the repo.
The utility fails when signing files that already have a signature, and
verification is unimplemented at this point.  But at least you can get a
signed binary.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freebsd.org/pipermail/freebsd-hackers/attachments/20170424/f5f86405/attachment.sig>
    
    
More information about the freebsd-hackers
mailing list