[Fedora 09/19] binfmt_elf: Elf executable signature verification

Eric Paris eparis at redhat.com
Thu Sep 5 15:06:10 UTC 2013


On Wed, 2013-09-04 at 21:37 -0400, Josh Boyer wrote:

> > +config BINFMT_ELF_SIG
> > +       bool "ELF binary signature verification"
> > +       depends on BINFMT_ELF
> > +       select INTEGRITY
> > +       select INTEGRITY_SIGNATURE
> > +       select INTEGRITY_ASYMMETRIC_KEYS
> > +       select IMA
> > +       select IMA_APPRAISE
> > +       select SYSTEM_TRUSTED_KEYRING
> > +       default n
> > +       ---help---
> > +         Check ELF binary signature verfication.
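
Review bot: the `select` lines in the BINFMT_ELF_SIG entry force INTEGRITY, IMA, IMA_APPRAISE and SYSTEM_TRUSTED_KEYRING on without evaluating those symbols' own dependencies, because Kconfig `select` sets its target regardless of the target's `depends on`. Expressing them as dependencies instead (for example `depends on BINFMT_ELF && IMA_APPRAISE && SYSTEM_TRUSTED_KEYRING`) keeps this option hidden until those subsystems have been enabled deliberately. The help text also misspells "verification" and does not say what is verified or what happens when the check fails, and `default n` is redundant since n is already the default for a bool.
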
> 
> Please don't do this.  Yes, it's technically viable to select all the
> things you need, but this turns on entire subsystems we don't have
> enabled.  In months when the maintainers have long forgotten about
> this, we have to go figure out what turned on INTEGRITY and IMA
> because they aren't explicitly set in the config-* fragments.  It's
> really frustrating.

And it's just plain wrong.  CONFIG_IMA requires CONFIG_TCG_TPM.  But
select is not recursive.  So you can end up with a config where IMA is on,
but TPM is off...
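
A way to catch the inconsistent configuration described in the reply above, as an added example that is not part of the original thread or of the kernel tree: it scans `.config` text for enabled symbols whose stated requirement is off. The function names and the sample config are constructed for illustration; the dependency pairs are the ones stated in the hunk and in the reply.

```python
import re

# Dependency pairs taken from the thread: the hunk's "depends on BINFMT_ELF"
# and the reply's statement that CONFIG_IMA requires CONFIG_TCG_TPM.
REQUIRES = {
    "BINFMT_ELF_SIG": ["BINFMT_ELF"],
    "IMA": ["TCG_TPM"],
}
_SET = re.compile(r"^CONFIG_(\w+)=(.*)$")
_UNSET = re.compile(r"^# CONFIG_(\w+) is not set$")

def parse_config(text):
    """Return {symbol: value}; 'n' for '# CONFIG_X is not set' lines."""
    symbols = {}
    for line in text.splitlines():
        m = _SET.match(line.strip())
        u = _UNSET.match(line.strip())
        if m:
            symbols[m.group(1)] = m.group(2)
        elif u:
            symbols[u.group(1)] = "n"
    return symbols

def enabled(symbols, name):
    # A symbol that does not appear in the config at all is treated as off.
    return symbols.get(name, "n") in ("y", "m")

def unmet_requirements(text, requires=REQUIRES):
    """List (symbol, missing_requirement) pairs for enabled symbols."""
    symbols = parse_config(text)
    return [
        (sym, dep)
        for sym, deps in sorted(requires.items())
        if enabled(symbols, sym)
        for dep in deps
        if not enabled(symbols, dep)
    ]

# Constructed sample: the state the reply describes (IMA on, TPM off).
SAMPLE = """\
CONFIG_BINFMT_ELF=y
CONFIG_BINFMT_ELF_SIG=y
CONFIG_IMA=y
CONFIG_IMA_APPRAISE=y
# CONFIG_TCG_TPM is not set
"""
```

Calling `unmet_requirements` on the generated `.config` after a config merge flags a symbol that a `select` switched on while its requirement stayed off.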


