Separate kernel module signature to a independent file
an idea by joeyli
Updated about 2 years ago. 3 hacker ♥️. 1 follower. Has no hacker: grab it!

Project Description

Currently kernel module signature be attached in the end of kernel module (ko file). Scott Bahling has raised that there have some benefits that kernel allows to load module with a separate signature file.

Current module signature is PKCS#7 format, I thought that it's not hard to do that. But we will need a new system call for this.

Goal for this Hackweek

Implement a proof of concept in hackweek 20.

Resources

Base on the latest kernel mainline.

No Hackers yet

Join this project

Looking for hackers with the skills:

kernel

This project is part of:

Hack Week 20

Activity

  • about 2 years ago: pperego liked this project.
  • about 2 years ago: mkubecek liked this project.
  • about 2 years ago: fanyadan liked this project.
  • about 2 years ago: joeyli added keyword "kernel" to this project.
  • about 2 years ago: joeyli originated this project.


    • Comments

    • joeyli
      about 2 years ago by joeyli | Reply

      Result: HEAD:users/jlee/stable/modsign-separate on kerncvs.suse.de

      TODO: - Support multi .ko.p7s file. - Search fingerprint in trusted keyring, platform keyring - Modify sign-file ? - Combine with current modverifysig() - coexist with embedded signature

    Similar Projects

    Improve Qualcomm SOC msm8994/msm8992 kernel mainline support by pvorel

    Project Description

    Due previous hackweek...

    Authenticated hashes for BTRFS by dsterba

    Project Description

    Implement a checksum ...

    Linux on Cavium CN23XX cards by tsbogend

    Before Cavium switched to ARM64 CPUs they devel...

    early stage kdump support by mbrugger

    [comment]: # (Please use the project descriptio...

    drgn: implement crash top-level commands by marxin

    Project Description

    The goal of the proje...