how to sign Linux kernel modules

To: debian-efi@lists.debian.org
Subject: how to sign Linux kernel modules
From: Ansgar Burchardt <ansgar@debian.org>
Date: Wed, 22 Nov 2017 12:49:25 +0100
Message-id: <[🔎] 87y3myr0sa.fsf@43-1.org>

Hi,

how are kernel modules supposed to be signed?  I looked at the
src:linux-signed_5 source package and it calls a program from
linux-kbuild-${version} (/usr/lib/linux-kbuild-*/scripts/sign-file).

Does this mean that the system signing kernel modules has to execute
binaries from the upload to generate the signatures?  linux-kbuild-* is
built from src:linux just like the kernel modules to be signed.

Ansgar

Reply to:

Follow-Ups:
- Re: how to sign Linux kernel modules
  - From: Ben Hutchings <ben@decadent.org.uk>

Prev by Date: questions about UEFI-Secure Boot
Next by Date: Re: Secure boot signing infrastructure - feedback request
Previous by thread: Re: questions about UEFI-Secure Boot
Next by thread: Re: how to sign Linux kernel modules
Index(es):
- Date
- Thread