Trust system write-up
Simon J. Gerraty
sjg at juniper.net
Mon Oct 23 22:53:10 UTC 2017
Eric McCorkle <eric at metricspace.net> wrote:
> > Any thoughts on how to validate executables which are not elf binaries,
> > such as shell scripts, python programs, etc?
>
> I hadn't really thought in depth about it, as my main initial goal is
> signed kernel/modules, but I have given it some thought...
>
> An alternative is something like the NetBSD veriexec framework, where
Yes, as previously mentioned, the verified exec model deals with this
neatly, and btw is more efficient than signing individual files - as is
needed with ELF signing etc. I think for Linux-based platforms using IMA we
need to generate 20-30k+ signatures, vs about a dozen for platforms using
verified exec; verification is also more expensive, I'm told.
> there's MACs for specific files. That stuff is mostly orthogonal to the
> public-key approach I'm working on here, but there's possibly some
> interplay.
Yes, you use the public key stuff to sign the manifests containing the
blessed fingerprints.
This is what Junos has been doing for more than a decade.
Your "trust" database might be useful in being able to extend that to
general use.
The trust model we use for Junos is deliberately very restrictive
and thus of most use to embedded vendors.
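The model described above (one public-key signature over a manifest of blessed fingerprints, then a per-file fingerprint lookup at exec time), as an added illustration that is not Junos, NetBSD veriexec or any code from this thread; the "path sha256=<hex>" manifest line format, the Ed25519 key type and the sample script are assumptions made for the example:

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strings"
)

// Fingerprint is the per-file value a manifest line records (hex SHA-256).
func Fingerprint(content []byte) string {
	sum := sha256.Sum256(content)
	return hex.EncodeToString(sum[:])
}

// SignManifest signs the whole manifest once; each line is "path sha256=<hex>".
// One signature covers every blessed file instead of one signature per file.
func SignManifest(priv ed25519.PrivateKey, manifest []byte) []byte {
	return ed25519.Sign(priv, manifest)
}

// VerifyExec is the veriexec-style check made before running path: the manifest
// signature must verify, path must be listed, and the file's fingerprint must match.
func VerifyExec(pub ed25519.PublicKey, manifest, sig []byte, path string, content []byte) error {
	if !ed25519.Verify(pub, manifest, sig) {
		return fmt.Errorf("manifest signature invalid")
	}
	for _, line := range strings.Split(string(manifest), "\n") {
		f := strings.Fields(line)
		if len(f) != 2 || f[0] != path {
			continue
		}
		if strings.TrimPrefix(f[1], "sha256=") == Fingerprint(content) {
			return nil
		}
		return fmt.Errorf("%s fingerprint mismatch", path)
	}
	return fmt.Errorf("%s not in manifest", path)
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // constructed throwaway key pair
	script := []byte("#!/bin/sh\necho hello\n")       // constructed sample script
	manifest := []byte("/usr/local/bin/hello.sh sha256=" + Fingerprint(script) + "\n")
	sig := SignManifest(priv, manifest)
	fmt.Println(VerifyExec(pub, manifest, sig, "/usr/local/bin/hello.sh", script))
	fmt.Println(VerifyExec(pub, manifest, sig, "/usr/local/bin/hello.sh", []byte("tampered")))
}
```

Because the signature is over the manifest rather than each file, adding or altering an entry without re-signing fails the signature check before any fingerprint is consulted.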