Topic: Linux 4.17.1 NSA:Speck module

Re: Linux 4.17.1 NSA:Speck module

Reply #1
Blacklist the module.
linux-4.17.2 will have the module disabled and not built.

Re: Linux 4.17.1 NSA:Speck module

Reply #2
Code:
linux	/boot/vmlinuz-linux root=UUID=000000000 rw quiet net.ifnames=0  CONFIG_CRYPTO_SPECK=0

Would this be sufficient to add this to the bootloader command line?


Re: Linux 4.17.1 NSA:Speck module

Reply #4
That document doesn't say much

Re: Linux 4.17.1 NSA:Speck module

Reply #5
I'd like to know the proper way to blacklist Speck and Simon as well.  The links don't provide much detail other than how to use blacklist.conf and the Arch thread doesn't help either.
OS: Artix x86_64
Host: Predator PH517-61 V1.07
CPU: AMD Ryzen 7 2700 (16) @ 3.2GHz [112.4°F]
GPU: AMD ATI Radeon RX Vega 56/64
Memory: 1129MiB / 64390MiB

Re: Linux 4.17.1 NSA:Speck module

Reply #6
Find the module with `lsmod`, and then add the following to /etc/modprobe.d/blacklist.conf

Code:
blacklist <name_of_module>

This is all there in that link artoo posted. Read it again carefully
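
Added example, not part of any post in this thread: a shell script that reads a kernel build configuration and reports whether a modprobe.d blacklist can do anything for CONFIG_CRYPTO_SPECK, which is a build-time option rather than a boot parameter. The module name speck, the function names and the sample config are assumptions constructed for illustration; confirm the module name with modinfo on the target kernel.

```shell
#!/bin/sh
# Added example (not from the thread). Config text is read on stdin, e.g.
#   gzip -dc /proc/config.gz | advise CONFIG_CRYPTO_SPECK speck

# kconfig_state SYMBOL: print y (built in), m (module) or n (not built).
kconfig_state() {
    val=$(sed -n "s/^$1=\([ym]\)\$/\1/p" | tail -n 1)
    echo "${val:-n}"
}

# blacklist_entries MODULE: print the modprobe.d lines for a loadable module.
# "blacklist" only stops alias-based autoloading; the "install" override
# makes an explicit "modprobe MODULE" fail as well.
blacklist_entries() {
    printf 'blacklist %s\n' "$1"
    printf 'install %s /bin/false\n' "$1"
}

# advise SYMBOL MODULE: say what a blacklist can achieve for this build.
# MODULE is supplied by the caller; "speck" below is an assumed name.
advise() {
    case $(kconfig_state "$1") in
        m) blacklist_entries "$2" ;;
        y) echo "# $1=y: built into the kernel image, modprobe.d has no effect" ;;
        n) echo "# $1 is not set: nothing to blacklist" ;;
    esac
}

# Constructed sample config, not taken from any real kernel package.
sample_config() {
    cat <<'EOF'
CONFIG_CRYPTO_AES=y
# CONFIG_CRYPTO_ANUBIS is not set
CONFIG_CRYPTO_SPECK=m
EOF
}

# Demo on the constructed sample; prints the two modprobe.d lines.
sample_config | advise CONFIG_CRYPTO_SPECK speck
```

The printed lines belong in a file under /etc/modprobe.d/; `lsmod` lists only modules that are currently loaded, so a module that is present on disk but unused will not appear there.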

Re: Linux 4.17.1 NSA:Speck module

Reply #7
Find the module with `lsmod`, and then add the following to /etc/modprobe.d/blacklist.conf

Code:
blacklist <name_of_module>

This is all there in that link artoo posted. Read it again carefully

That part is obvious.  But if there is something specific for this case that's the part I'm looking for.  I don't know what the modules are called yet because I'm not on the 4.17 kernel yet and I want to make sure that it doesn't also require something being added to grub, etc.

Re: Linux 4.17.1 NSA:Speck module

Reply #8
I think the module name is CONFIG_CRYPTO_SPECK as I listed in that hypothetical grub line above.
It is not much of an issue as long as you don't intentionally use it, it is like most of the stuff in the kernel that doesn't get used at all or most of the time.
But this Linus guy has been sleeping around with strange bedfellows.  It is time people took notice.

Re: Linux 4.17.1 NSA:Speck module

Reply #9
To be honest, without knowing what the source code of the module does just having it there could be an issue.  I'm not a developer so I wouldn't be able to definitively make that determination.

Re: Linux 4.17.1 NSA:Speck module

Reply #10
Since I don't really understand what this NSA module is all about I have downgraded back to 4.16.12-1-ARTIX until 4.17.2 is released...just for my peace of mind.

Best regards.
We should try to be kind to everyone.....we are all fighting some sort of battle.

Re: Linux 4.17.1 NSA:Speck module

Reply #11
I can't find that module in my system - is this a new introduction in 4.17 linus?

I have below installed.

Code:
$ uname -a
4.16.12-1-ARTIX #1 SMP PREEMPT Sat May 26 13:30:18 UTC 2018 x86_64 GNU/Linux

Re: Linux 4.17.1 NSA:Speck module

Reply #12
Yes, it is in 4.17.

As far as I can understand it is a set of cryptography algorithms that have been proposed as the future standard of cryptography for all internet "the internet of things".  Luckily it has been rejected as an ISO standard but a Google engineer went ahead and wrote the module and it was incorporated in Linux 4.17.
The excuse is that it runs very fast so weak ARM devices can encrypt and decrypt in logical amounts of time.
The critics say that the nosuchagency proposal must be for encryption that they can decrypt easily, therefore there must be a backdoor to it, you have to know it to break it.
It can't hurt you till you use it and be under the impression your data is secure by this encryption.  But do you know?  When you log in to your PayPal account do you know what encryption is used to transfer the data to your screen?

The sad thing is we have relied on linux to make wise decisions for such matters for us, we had delegated this power and we slept easy.  Open and Free doesn't mean jack shit anymore when large corporations and government agencies can dictate what open and free goes in your system and what stays out.

Just when you thought you can escape with an alternative init system

Re: Linux 4.17.1 NSA:Speck module

Reply #13

It can't hurt you till you use it


This isn't necessarily true.  A module injected into the kernel, at the kernel level or present on the system which can later on be injected into the kernel, can be much more than just a simple crappy encryption module.  We don't know its payload and even if we investigate it now, because it's already in the system, who's to say that it won't contain a more nefarious payload later on after it passes a code analysis?  I don't know anyone that is going to re-analyze each time it's updated.  Hopefully Artix will not compile it during kernel updates and cover the majority and we won't have it on our systems so we don't as individuals have to jump through hoops compiling our own kernels without it after the fact.  Besides, is there any intent for Artix to run on any IoT hardware?  If not, then we don't need it at all.

Re: Linux 4.17.1 NSA:Speck module

Reply #14
Blacklist the module.
linux-4.17.2 will have the module disabled and not built.

Can you (or someone on the team) confirm that it was disabled?

Code:
system/linux 4.17.2-1 (base) [installed: 4.16.12-1]
    The Linux kernel and modules
system/linux-headers 4.17.2-1 [installed: 4.16.12-1]
    Header files and scripts for building modules for Linux kernel