Manually signing kernel modules (manually signing .ko drivers)

Building the kernel with proper keys

user $ openssl req -new -nodes -utf8 -sha512 -days 36500 -batch -x509 -config x509.genkey -outform DER -out signing_key.x509 -keyout signing_key.priv


Manually signing modules

If you ever need to manually sign a kernel module, you can use the scripts/sign-file script available in the Linux kernel source tree. It requires four arguments:

  1. The hash algorithm to use, such as sha512
  2. The private key location
  3. The certificate (which includes the public key) location
  4. The kernel module to sign

In this case, the key pair does not need to be named signing_key.priv and such, nor does it need to be in the root of the Linux kernel source tree.

user $ perl /usr/src/linux/scripts/sign-file sha512 /mnt/sdcard/kernel-signkey.priv /mnt/sdcard/kernel-signkey.x509 vxlan.ko


Validating module signature support

user $ hexdump -C vxlan.ko | tail

To remove the signature, we can use the strip command:

root # strip --strip-debug vxlan.ko
root # hexdump -C vxlan.ko | tail
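
The two hexdump checks above can be scripted. The following is an added example, not part of the original page: it parses the trailer that sign-file appends, which is the string "~Module signature appended~" preceded by the kernel's 12-byte struct module_signature. It only reports whether a signature is present and how long it is; it does not verify the signature against a certificate. The function name and the sample bytes are constructed for illustration.

```python
import struct

MAGIC = b"~Module signature appended~\n"   # marker at the very end of a signed .ko
TRAILER = struct.Struct(">5B3xI")           # struct module_signature: 5 x u8, 3 pad, be32 sig_len
PKEY_ID_PKCS7 = 2                           # id_type used for PKCS#7 signatures

def parse_module_signature(data: bytes):
    """Return signature metadata for a .ko image, or None if it is unsigned."""
    if not data.endswith(MAGIC):
        return None
    end = len(data) - len(MAGIC)
    if end < TRAILER.size:
        raise ValueError("magic present but trailer truncated")
    algo, hash_, id_type, signer_len, key_id_len, sig_len = TRAILER.unpack(
        data[end - TRAILER.size:end])
    payload_len = end - TRAILER.size - sig_len
    if payload_len < 0:
        raise ValueError("sig_len is larger than the file")
    return {
        "id_type": id_type,
        "pkcs7": id_type == PKEY_ID_PKCS7,
        "sig_len": sig_len,
        "payload_len": payload_len,   # size of the module without signature and trailer
        "signature": data[payload_len:payload_len + sig_len],
    }

# Constructed sample data: fake ELF bytes, a fake 16-byte "signature", trailer, magic.
SAMPLE_UNSIGNED = b"\x7fELF" + b"\x00" * 60
SAMPLE_SIG = bytes(range(16))
SAMPLE_SIGNED = (SAMPLE_UNSIGNED + SAMPLE_SIG
                 + TRAILER.pack(0, 0, PKEY_ID_PKCS7, 0, 0, len(SAMPLE_SIG)) + MAGIC)

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:          # e.g. python3 check_sig.py vxlan.ko
        with open(path, "rb") as f:
            info = parse_module_signature(f.read())
        print(path, "unsigned" if info is None else
              f"signed: {info['sig_len']}-byte signature, id_type={info['id_type']}")
```

Run against vxlan.ko before and after the strip step, it should report the module as signed and then unsigned.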