Dear debian kernel maintainers:
I want to re-package debian kernel to support modules signing.
Below is what I do:
1. get the debian kernel source via `apt-get source linux`, btw I'm
using the unstable version.
2. change debian/config/config file and modify these items:
CONFIG_MODULE_SIG_KEY="path/to/keypairfile"
CONFIG_MODULE_SIG=y
CONFIG_MODULE_SIG_FORCE=y
CONFIG_MODULE_SIG_ALL=y
CONFIG_MODULE_SIG_SHA256=y
the key file is generated manually following the kernel doc [1].
3. re-packaging the source via `dpkg-buildpackage -us -uc`
4. install the new generated kernel-image package.
And here is the problems:
1. As what I get from the kernel doc [1], when `CONFIG_MODULE_SIG_KEY`
is not set, the build process will automatically generate a new key pair
for modules signing. but when I left this config item to blank, no key
was generated, and I don't know why.
2. I've specified the `CONFIG_MODULE_SIG_ALL=y` and according to the doc
[1], the modules will be automatically signed while `make
modules_install`, and that doesn't happen either. so I have to manually
sign the modules.
I really want the answer about this two problems. Any help would be very
appreciated.
[1] https://www.kernel.org/doc/html/latest/admin-guide/module-signing.html
--
Yanhao Mo
Attachment:
signature.asc
Description: PGP signature