Project Description

Currently kernel module signature be attached in the end of kernel module (ko file). Scott Bahling has raised that there have some benefits that kernel allows to load module with a separate signature file.

Current module signature is PKCS#7 format, I thought that it's not hard to do that. But we will need a new system call for this.

Goal for this Hackweek

Implement a proof of concept in hackweek 20.

Resources

Base on the latest kernel mainline.

Looking for hackers with the skills:

kernel

This project is part of:

Hack Week 20

Activity

  • about 2 months ago: pperego liked this project.
  • about 2 months ago: mkubecek liked this project.
  • about 2 months ago: fanyadan liked this project.
  • about 2 months ago: joeyli added keyword "kernel" to this project.
  • about 2 months ago: joeyli originated this project.

  • Comments

    • joeyli
      about 2 months ago by joeyli | Reply

      Result: HEAD:users/jlee/stable/modsign-separate on kerncvs.suse.de

      TODO: - Support multi .ko.p7s file. - Search fingerprint in trusted keyring, platform keyring - Modify sign-file ? - Combine with current modverifysig() - coexist with embedded signature

    Similar Projects

    DRM driver for USB-based SiS graphics cards by tdz

    Back in the late 90s to early 2000s, SiS graphi...


    Test mainline kernel on an older Qualcomm SOC (msm89xx), explore current Qualcomm mainlining kernel effort by pvorel

    Project Description

    Qualcomm concentrate ...


    work on sunxi a64 cpufreq driver (for teres-1, pine64) by mbrugger

    With the teres-1 [1] laptop we have a first arm...