Use the same approach to generate the signed module, like in the
old signature test: just append the pregenerated binary signature
to the module (the signature check will fail).
In case of need of generating correct signature, from the linux
kernel makefiles (certs/Makefile) it could be like:
$ openssl req -new -nodes -utf8 -sha256 -days 36500 -batch -x509
-config ./x509.genkey -outform PEM -out signing_key.pem -keyout signing_key.pem
$ /lib/modules/$(uname -r)/build/scripts/extract-cert signing_key.pem signing_key.x509
$ /lib/modules/$(uname -r)/build/scripts/sign-file sha256 signing_key.pem signing_key.x509 module.ko
where x509.genkey is:
```
[ req ]
default_bits = 4096
distinguished_name = req_distinguished_name
prompt = no
string_mask = utf8only
x509_extensions = myexts
[ req_distinguished_name ]
CN = Build time autogenerated kernel key
[ myexts ]
basicConstraints=critical,CA:FALSE
keyUsage=digitalSignature
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid
```
Signed-off-by: Yauheni Kaliuta <yauheni.kaliuta@redhat.com>
The following tests added:
- depmod_search_order_external_first -- checks if external module
is taken in use when it has higher priority;
- depmod_search_order_external_last -- checks if external module
is skipped when it has lower priority;
- test_modinfo_external -- checks if modinfo is able to look up
correct external module;
- modprobe_external -- checks if modprobe is able to look up
correct external module and loads it.
Signed-off-by: Yauheni Kaliuta <yauheni.kaliuta@redhat.com>
We use a "fake signature" to sign the modules. As far as kmod is
concerned the signature fields are informational only. It's the kernel
the responsible for checking it's valid.
So what we are doing here is: pick the signatures of the ext4-x86_64.ko
module and save as dummy.{hashalgo}. This signature is appended to the
mod-simple.ko module so the ext4-x86_64.ko module can be removed from
tree.
Rename modinfo_jonsmodules() to test_modinfo_signature(): now this test
is responsible only for the signed modules.
The other tests use specific flags to modinfo in order to print only
one field, so we can filter out those fields that are expect to change
if the module is recompiled.
Lucas De Marchi
Yauheni Kaliuta
Michal Marek
Lucas De Marchi