From mboxrd@z Thu Jan 1 00:00:00 1970 Return-path: Received: from ptx.hi.pengutronix.de ([2001:67c:670:100:1d::c0]) by metis.ext.pengutronix.de with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1lRUxf-0000WE-5O for ptxdist@pengutronix.de; Wed, 31 Mar 2021 09:08:19 +0200 Received: from mol by ptx.hi.pengutronix.de with local (Exim 4.92) (envelope-from ) id 1lRUxe-0002RJ-SQ for ptxdist@pengutronix.de; Wed, 31 Mar 2021 09:08:18 +0200 Date: Wed, 31 Mar 2021 09:08:18 +0200 From: Michael Olbrich Message-ID: <20210331070818.GA8755@pengutronix.de> References: <8077d09253fb57d2305d9f29c5bea2537b51297f.camel@diehl.com> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: <8077d09253fb57d2305d9f29c5bea2537b51297f.camel@diehl.com> Subject: Re: [ptxdist] [PATCH v2] kernel: proper handle signed modules List-Id: PTXdist Development Mailing List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: ptxdist@pengutronix.de Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: ptxdist-bounces@pengutronix.de Sender: "ptxdist" To: ptxdist@pengutronix.de On Wed, Mar 31, 2021 at 05:17:11AM +0000, Denis Osterland-Heim wrote: > If CONFIG_MODULE_SIG_ALL is set in kernelconfig then modules will be > automatically signed during the modules_install phase of a kernel build. > > Signed modules are BRITTLE as the signature is outside of the defined ELF > container. Thus they MAY NOT be stripped once the signature is computed > and attached. Note the entire module is the signed payload, including any > and all debug information present at the time of signing. > > See: https://www.kernel.org/doc/html/latest/admin-guide/module-signing.html > Signed-off-by: Denis Osterland-Heim > --- > v1 -> v2: > - remove config switch > - do not strip at targetinstall unconditionally > - use INSTALL_MOD_STRIP kbuild option to strip modules > - add TARGET_COMPILER_RECORD_SWITCHES to wrapper blacklist > > rules/kernel.make | 6 ++++-- > 1 file changed, 4 insertions(+), 2 deletions(-) > > diff --git a/rules/kernel.make b/rules/kernel.make > index ea748fc8a..94f57285e 100644 > --- a/rules/kernel.make > +++ b/rules/kernel.make > @@ -38,7 +38,8 @@ KERNEL_BUILD_OOT := KEEP > > # use CONFIG_CC_STACKPROTECTOR if available. The rest makes no sense for the kernel > KERNEL_WRAPPER_BLACKLIST := \ > - $(PTXDIST_LOWLEVEL_WRAPPER_BLACKLIST) > + $(PTXDIST_LOWLEVEL_WRAPPER_BLACKLIST) \ > + TARGET_COMPILER_RECORD_SWITCHES Oh, I meant adding this to PTXDIST_LOWLEVEL_WRAPPER_BLACKLIST. That should be a separate commit. Adding it to any lowlevel Code may be problematic, because that stuff is never stripped by ptxdist. It' probably not a problem in most cases, because most custom linker scripts drop the section anyways, but better save than sorry. I should have made it clearer what I meant here, sorry. Regards, Michael > > # Note: for some reason, the error is not visible without the dummy '$(shell :)' > # when running 'ptxdist -j -q go'. > @@ -61,6 +62,7 @@ KERNEL_BASE_OPT := \ > CROSS_COMPILE=$(KERNEL_CROSS_COMPILE) \ > DEPMOD=$(PTXDIST_SYSROOT_HOST)/sbin/depmod \ > \ > + INSTALL_MOD_STRIP=1 \ > INSTALL_MOD_PATH=$(KERNEL_PKGDIR) \ > PTX_KERNEL_DIR=$(KERNEL_DIR) \ > $(call remove_quotes,$(PTXCONF_KERNEL_EXTRA_MAKEVARS)) > @@ -313,7 +315,7 @@ ifdef PTXCONF_KERNEL_MODULES_INSTALL > @$(call install_fixup, kernel-modules, AUTHOR,"Robert Schwebel ") > @$(call install_fixup, kernel-modules, DESCRIPTION,missing) > > - @$(call install_glob, kernel-modules, 0, 0, -, /lib/modules, *.ko,, k) > + @$(call install_glob, kernel-modules, 0, 0, -, /lib/modules, *.ko,, n) > @$(call install_glob, kernel-modules, 0, 0, -, /lib/modules,, *.ko */build */source, n) > > @$(call install_finish, kernel-modules) > -- > 2.31.1 > > _______________________________________________ > ptxdist mailing list > ptxdist@pengutronix.de > To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de -- Pengutronix e.K. | | Steuerwalder Str. 21 | http://www.pengutronix.de/ | 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 | _______________________________________________ ptxdist mailing list ptxdist@pengutronix.de To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de