Signature verification of kernel module and kexec
Joey Lee is a Linux engineer from SUSE Labs. His working areas are ACPI driver, Hibernate, UEFI.
No video of the event yet, sorry!
There have some mechanisms in kernel to verify the integrity of crash kernel and module. I want to introduce the signature verification of Linux kernel module and kexec crash kernel.
For kernel module: a. the mechanism of kernel module signature check b. how to enable this function in kernel c. how to sign your kernel module
For kexec a. the mechanism of loading a signed kernel through kexec-file syscall b. how to enable this function in kernel c. how to sign your kernel binary for load by kexec-file.
I want introduce the mechanism and signature format. And I will show how to enable those functions, sign kernel modules and crash kernel. It will be useful for anyone who wants to understand more about the signature check in kernel.
- 2016 October 2 - 13:45
- 1 h
- FST 101
- openSUSE.Asia Summit 2016