Fdf0e4ed6eea4ec1c476b0e288003e68

by Joey Lee

Joey Lee is a Linux engineer from SUSE Labs. His working areas are ACPI driver, Hibernate, UEFI.

No video of the event yet, sorry!

There have some mechanisms in kernel to verify the integrity of crash kernel and module. I want to introduce the signature verification of Linux kernel module and kexec crash kernel.

For kernel module:
a. the mechanism of kernel module signature check
b. how to enable this function in kernel
c. how to sign your kernel module

For kexec
a. the mechanism of loading a signed kernel through kexec-file syscall
b. how to enable this function in kernel
c. how to sign your kernel binary for load by kexec-file.

I want introduce the mechanism and signature format. And I will show how to enable those functions, sign kernel modules and crash kernel. It will be useful for anyone who wants to understand more about the signature check in kernel.

Date:
2016 October 2 13:45
Duration:
1 h
Room:
FST 101
Conference:
openSUSE.Asia Summit 2016
Language:
Track:
openSUSE
Difficulty:
Medium