readsigs

command module
v0.0.0-...-2a6e56a Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Oct 7, 2023 License: GPL-3.0 Imports: 12 Imported by: 0

README

signed_kmod_tools

tool(s) to examine signed kernel modules

$ go build readsigs.go

$ ./readsigs -kmod [kernel_mod] -cert [cert_public_key.der]

example, gfs2_double.ko has been signed twice, the outer signature with the testkey keypair and the inner one with the Fedora kmod signing key:

$ go build readsigs.go
$ ./readsigs -kmod gfs2_double.ko -cert testkey_pub.der 
kmod: gfs2_double.ko
cert: testkey_pub.der
Signature 1:
  signature verified
        subject: CN=cp3.chrisprocter.co.uk,O=kube9
        serial: 140021739515945850553976687443445479312715656853
Signature 2:
  signature not verified

Note: for secureboot/kmod validation purposes the Linux kernel only looks at the outer signature (Signature 1), any inner sigs are ignored (therefore this kmod will not load on linux machine with secureboot enabled unless testkey_pub.der hass been added to the MOK database)

Documentation

The Go Gopher

There is no documentation for this package.

Directories

Path Synopsis
pkgs

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL