• Code signing is the process of digitally
signing executables and scripts to conﬁrm
the software author and guarantee that the
code has not been altered.
• All sorts of code should be signed, including
tools, applications, scripts, libraries, plug-ins,
and other “code-like” data.
• Ensure the integrity of the code; that it has
not been altered.
• Identify the code as coming from a speciﬁc
source (the vendor or signer).
• Determine whether the code is trustworthy
for a speciﬁc purpose (for example, to
access a keychain, or parent control).
Signed Code Includes
• A unique identiﬁer, used to identify the code
or to determine to which groups or
categories the code belongs.
• A collection of checksums of the various
parts of the program, such as the identiﬁer,
the main executable, the resource ﬁles.
• A digital signature, which signs the seal to
guarantee its integrity.
What It can do
• Content Source: End users can conﬁrm that
the software really comes from the
publisher who signed it.
• Content Integrity: End users can verify that
the software has not been altered or
corrupted since it was signed.
What It cannot do
• It can’t guarantee that the code is free of
• It can’t guarantee that a program will not
load unsafe or altered code—such as
untrusted plug-ins—during execution.
• It can’t determine how much to “trust” the
• Attacks from administrator.
• The user is likely to be bothered with
additional dialog boxes and prompts for
unsigned code that they don’t see with
signed code, and unsigned code might not
work as expected with some system
• Computation and storage overhead.
• Codesign Tool: used to create, check, and
display code signatures.
• Kernel Module: Implement LSM (Linux
Security Module) hook to check the
signature in ELF.
• User-space Daemon: Do the checking, called
by kernel module.
User vs Kernel
What user-space daemons can do but kernel
• Perform a long-running computation, block
while waiting for an event;
• Access ﬁle system, network and devices;
• Get interactive input from user or pop up
User & Kernel
• Splitting the implementation between kernel
and user space is quite common in Linux.
• Only the most essential and performance-
critical code are placed in the kernel.
• Other things, such as GUI, management and
control code, typically are programmed as
How to Communicate?
• IPC between kernel and user space:
- system calls,
- proc ﬁlesystem
- netlink socket
• Full-duplex communication link by way of