
module signing

by 暻煥 2024. 9. 21.

 

If the following error message is printed while installing a device driver:

my_driver: module verification failed: signature and/or required key missing - tainting kernel

 

If the two configuration options below are enabled, installing a module that has not been signed is not allowed.

CONFIG_MODULE_SIG=y
CONFIG_MODULE_SIG_SHA512=y

 

The module can be signed with the key generated during the kernel build, using the following command.

kernel_path/scripts/sign-file sha512 kernel_path/certs/signing_key.pem kernel_path/certs/signing_key.x509 my_driver.ko
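
As an added example (not part of the original post), the shell functions below check whether a `.ko` file carries the trailer that `sign-file` appends and read the signing settings from a kernel `.config`. The function names and sample files are constructed for illustration, and `CONFIG_MODULE_SIG_FORCE` is a kernel option that this post does not mention.

```shell
#!/bin/sh
# Added example: inspect module-signing state. Names and sample data are constructed.

SIG_MARKER='~Module signature appended~'  # trailer written by sign-file, followed by "\n"

hex() { od -An -tx1 | tr -d ' \t\n'; }    # byte-exact comparison helper

# Return 0 if the file ends with the 28-byte signature trailer.
# This only detects the trailer; the kernel does the cryptographic check at load time.
is_signed() {
    [ "$(tail -c 28 "$1" 2>/dev/null | hex)" = "$(printf '%s\n' "$SIG_MARKER" | hex)" ]
}

# Print the load policy implied by a kernel .config: off, taint or enforce.
# CONFIG_MODULE_SIG_FORCE is not mentioned in the post; without it, an unsigned
# module produces the "tainting kernel" message quoted in the post.
sig_policy() {
    if grep -q '^CONFIG_MODULE_SIG_FORCE=y' "$1"; then echo enforce
    elif grep -q '^CONFIG_MODULE_SIG=y' "$1"; then echo taint
    else echo off
    fi
}

# Print the hash name to pass to sign-file, from CONFIG_MODULE_SIG_SHA*=y.
sig_hash() {
    sed -n 's/^CONFIG_MODULE_SIG_\(SHA[0-9]*\)=y$/\1/p' "$1" |
        tr '[:upper:]' '[:lower:]' | head -n 1
}

demo() {
    d=$(mktemp -d) || return 1
    # Constructed stand-ins, not real kernel modules or a real signature.
    printf 'placeholder-module-body' > "$d/unsigned.ko"
    { printf 'placeholder-module-body'; printf '%s\n' "$SIG_MARKER"; } > "$d/signed.ko"
    printf 'CONFIG_MODULE_SIG=y\nCONFIG_MODULE_SIG_SHA512=y\n' > "$d/config"
    for f in "$d"/*.ko; do
        if is_signed "$f"; then echo "${f##*/}: signature trailer present"
        else echo "${f##*/}: no signature trailer"
        fi
    done
    echo "policy: $(sig_policy "$d/config"), hash: $(sig_hash "$d/config")"
    rm -rf "$d"
}
demo
```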

 


※ References

https://www.kernel.org/doc/html/v4.14/admin-guide/module-signing.html

 


https://wiki.gentoo.org/wiki/Signed_kernel_module_support

 


 
