From mboxrd@z Thu Jan 1 00:00:00 1970 Return-path: Date: Thu, 1 Apr 2021 07:59:38 +0200 From: Michael Olbrich Message-ID: <20210401055938.GJ8755@pengutronix.de> References: <0bed7ba17cc82c39c5f46432b1309a7de0bc1491.camel@diehl.com> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: <0bed7ba17cc82c39c5f46432b1309a7de0bc1491.camel@diehl.com> Subject: Re: [ptxdist] [PATCH v3] kernel: proper handle signed modules List-Id: PTXdist Development Mailing List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: ptxdist@pengutronix.de Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: ptxdist-bounces@pengutronix.de Sender: "ptxdist" To: ptxdist@pengutronix.de Cc: Marc Kleine-Budde On Wed, Mar 31, 2021 at 11:37:11AM +0000, Denis Osterland-Heim wrote: > If CONFIG_MODULE_SIG_ALL is set in kernelconfig then modules will be > automatically signed during the modules_install phase of a kernel build. > > Signed modules are BRITTLE as the signature is outside of the defined ELF > container. Thus they MAY NOT be stripped once the signature is computed > and attached. Note the entire module is the signed payload, including any > and all debug information present at the time of signing. > > See: https://www.kernel.org/doc/html/latest/admin-guide/module-signing.html > Signed-off-by: Denis Osterland-Heim > --- > v2 -> v3: > - move TARGET_COMPILER_RECORD_SWITCHES to PTXDIST_LOWLEVEL_WRAPPER_BLACKLIST Marc, what do you think? > > rules/kernel.make | 3 ++- > rules/pre/kernel.make | 3 ++- > 2 files changed, 4 insertions(+), 2 deletions(-) > > diff --git a/rules/kernel.make b/rules/kernel.make > index ea748fc8a..2b564612b 100644 > --- a/rules/kernel.make > +++ b/rules/kernel.make > @@ -61,6 +61,7 @@ KERNEL_BASE_OPT := \ > CROSS_COMPILE=$(KERNEL_CROSS_COMPILE) \ > DEPMOD=$(PTXDIST_SYSROOT_HOST)/sbin/depmod \ > \ > + INSTALL_MOD_STRIP=1 \ > INSTALL_MOD_PATH=$(KERNEL_PKGDIR) \ > PTX_KERNEL_DIR=$(KERNEL_DIR) \ > $(call remove_quotes,$(PTXCONF_KERNEL_EXTRA_MAKEVARS)) > @@ -313,7 +314,7 @@ ifdef PTXCONF_KERNEL_MODULES_INSTALL > @$(call install_fixup, kernel-modules, AUTHOR,"Robert Schwebel ") > @$(call install_fixup, kernel-modules, DESCRIPTION,missing) > > - @$(call install_glob, kernel-modules, 0, 0, -, /lib/modules, *.ko,, k) > + @$(call install_glob, kernel-modules, 0, 0, -, /lib/modules, *.ko,, n) We should do the same thing for the kernel template. But I'll take care of that. There is some cleanup that I want to do anyways in that area. Michael > @$(call install_glob, kernel-modules, 0, 0, -, /lib/modules,, *.ko */build */source, n) > > @$(call install_finish, kernel-modules) > diff --git a/rules/pre/kernel.make b/rules/pre/kernel.make > index df53020aa..fb38d416d 100644 > --- a/rules/pre/kernel.make > +++ b/rules/pre/kernel.make > @@ -85,7 +85,8 @@ PTXDIST_LOWLEVEL_WRAPPER_BLACKLIST := \ > TARGET_HARDEN_PIE \ > TARGET_HARDEN_GLIBCXX_ASSERTIONS \ > TARGET_DEBUG \ > - TARGET_BUILD_ID > + TARGET_BUILD_ID \ > + TARGET_COMPILER_RECORD_SWITCHES > > # > # handle special compiler > -- > 2.31.1 > > _______________________________________________ > ptxdist mailing list > ptxdist@pengutronix.de > To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de -- Pengutronix e.K. | | Steuerwalder Str. 21 | http://www.pengutronix.de/ | 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 | _______________________________________________ ptxdist mailing list ptxdist@pengutronix.de To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de