Linux kernel模块内核签名问题解决方法

Linux kernel模块内核签名问题解决方法

前提:有公匙和私匙

公匙:signing_key.x509
私匙:signing_key.priv

使用内核自带工具

$ perl <kernel_path>/scripts/sign-file sha512 signing_key.priv signing_key.x509 <module>.ko

kernel_path填写内核根目录路径

module处填写模块名字

该命令会生成module.ko文件（若在当前路径下会将之前的文件覆盖）

验证签名是否成功

使用命令验证

$ hexdump -C <module>.ko | tail

未签名

00020a90  01 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00020aa0  01 00 00 00 02 00 00 00  00 00 00 00 00 00 00 00  |................|
00020ab0  00 00 00 00 00 00 00 00  d8 10 01 00 00 00 00 00  |................|
00020ac0  b0 04 00 00 00 00 00 00  1f 00 00 00 2e 00 00 00  |................|
00020ad0  08 00 00 00 00 00 00 00  18 00 00 00 00 00 00 00  |................|
00020ae0  09 00 00 00 03 00 00 00  00 00 00 00 00 00 00 00  |................|
00020af0  00 00 00 00 00 00 00 00  88 15 01 00 00 00 00 00  |................|
00020b00  f1 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00020b10  01 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00020b20

签名成功

00020cf0  10 7c 4b 7d 54 62 ec f3  47 ec ce 2a 3a a0 c7 8a  |.|K}Tb..G..*:...|
00020d00  36 b3 e3 34 34 5f 68 83  50 65 8e 3d 20 c2 99 c6  |6..44_h.Pe.= ...|
00020d10  e6 93 3c 25 42 6c b5 0e  c3 26 a6 9c 7f 1f d9 f7  |..<%Bl...&......|
00020d20  1c 6c 2b e4 18 fc 4f 68  a3 9d 4c 0e db de 5e d1  |.l+...Oh..L...^.|
00020d30  be 2a 90 94 e8 06 b1 16  e7 6b 60 27 78 0e cf f2  |.*.......k`'x...|
00020d40  f9 9b d2 a0 f6 1e c8 e6  14 e8 24 50 97 32 89 8c  |..........$P.2..|
00020d50  f3 be 96 f8 01 06 01 1e  14 00 00 00 00 00 02 02  |................|
00020d60  7e 4d 6f 64 75 6c 65 20  73 69 67 6e 61 74 75 72  |~Module signatur|
00020d70  65 20 61 70 70 65 6e 64  65 64 7e 0a              |e appended~.|
00020d7c