Jasper v. B. jazzpi

## dkms-module-signing.md

      
              4 files
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                jazzpi
                / dkms-module-signing.md
            
            
              Last active
              March 9, 2021 15:57
                — forked from dojoe/dkms-module-signing.md
            
              
                Make DKMS sign kernel modules on installation, with full script support and somewhat distro independent
              
          
    On systems with UEFI Secure Boot enabled, recent Linux kernels will only load signed modules, so it's about time DKMS grew the capability to sign modules it's building.
These scripts are extended and scriptified variants of https://computerlinguist.org/make-dkms-sign-kernel-modules-for-secure-boot-on-ubuntu-1604.html and https://askubuntu.com/questions/760671/could-not-load-vboxdrv-after-upgrade-to-ubuntu-16-04-and-i-want-to-keep-secur/768310#768310 and add some error checking and support for compressed modules.
dkms-sign-module is a wrapper for the more generic sign-modules which can also be used outside of DKMS.
Installation


Create a directory under /root, say /root/module-signing, put the three scripts below in there and make them executable: chmod u+x one-time-setup sign-modules dkms-sign-module


## nosplit.cpp
#include <stdexcept>

void may_throw() {
    throw std::runtime_error("error");
}

int main(int argc, char** argv) {
    try {
        may_throw();
        return 0;

## smtpd.conf
table aliases file:/etc/mail/aliases

listen on all

action "local_mail" lmtp some-lmtp.server
action "outbound" relay

match from any for domain "example.org" action "local_mail"
match for local action "local_mail"
match for any action "outbound"

## gist:1daf9dfdeb9ce1931d87f98b0f33a965
/usr/bin/clang++  -stdlib=libc++ -O3 -DNDEBUG   CMakeFiles/ccls.dir/third_party/siphash.cc.o CMakeFiles/ccls.dir/src/clang_tu.cc.o CMakeFiles/ccls.dir/src/config.cc.o CMakeFiles/ccls.dir/src/filesystem.cc.o CMakeFiles/ccls.dir/src/fuzzy_match.cc.o CMakeFiles/ccls.dir/src/main.cc.o CMakeFiles/ccls.dir/src/include_complete.cc.o CMakeFiles/ccls.dir/src/indexer.cc.o CMakeFiles/ccls.dir/src/log.cc.o CMakeFiles/ccls.dir/src/lsp.cc.o CMakeFiles/ccls.dir/src/message_handler.cc.o CMakeFiles/ccls.dir/src/pipeline.cc.o CMakeFiles/ccls.dir/src/platform_posix.cc.o CMakeFiles/ccls.dir/src/platform_win.cc.o CMakeFiles/ccls.dir/src/position.cc.o CMakeFiles/ccls.dir/src/project.cc.o CMakeFiles/ccls.dir/src/query.cc.o CMakeFiles/ccls.dir/src/sema_manager.cc.o CMakeFiles/ccls.dir/src/serializer.cc.o CMakeFiles/ccls.dir/src/test.cc.o CMakeFiles/ccls.dir/src/utils.cc.o CMakeFiles/ccls.dir/src/working_files.cc.o CMakeFiles/ccls.dir/src/messages/ccls_call.cc.o CMakeFiles/ccls.dir/src/messages/ccls_info.cc.o CMakeFiles/ccls.dir/src/

## gist:9abc4f47f4959bfa7e3357c996320d05
$ echo | clang++ -E -x c++ -v -
clang version 8.0.1-svn363027-1~exp1~20190611212422.76 (branches/release_80)
Target: x86_64-pc-linux-gnu
Thread model: posix
InstalledDir: /usr/bin
Found candidate GCC installation: /usr/bin/../lib/gcc/x86_64-linux-gnu/5
Found candidate GCC installation: /usr/bin/../lib/gcc/x86_64-linux-gnu/5.4.0
Found candidate GCC installation: /usr/bin/../lib/gcc/x86_64-linux-gnu/6
Found candidate GCC installation: /usr/bin/../lib/gcc/x86_64-linux-gnu/6.0.0
Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/5

## asm.S
#include "kernel/modes.h"
#include "kernel/memory.h"

_init_stacks:
    cps     #MODE_IRQ
    ldr     sp, =P_STACK_IRQ

    cps     #MODE_FIQ
    ldr     sp, =P_STACK_FIQ

## a.cpp
#include <iostream>
#include <thread>

// Compile with g++ -std=c++11 a.cpp -pthread

volatile int c = 0;
volatile bool done = false;

void change_c() {
  while (!done) {

## zncplayback.py
# -*- coding: utf-8 -*-
#
# Copyright (C) 2016 Jasper v. Blanckenburg <jasper@mezzo.de>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,

## lirc.conf.d-SundtekRemoteV3.conf
# Please make this file available to others
# by sending it to <lirc@bartelmus.de>
#
# this config file was automatically generated
# using lirc-0.9.0(devinput) on Tue Aug  5 16:55:09 2014
#
# contributed by
#
# brand:                       SundtekRemoteV3.conf
# model no. of remote control:

## Xorg.0.log
[    32.998]
X.Org X Server 1.18.2
Release Date: 2016-03-11
[    32.998] X Protocol Version 11, Revision 0
[    32.998] Build Operating System: Linux 4.2.5-1-ARCH x86_64
[    32.998] Current Operating System: Linux archv2 4.4.5-1-ARCH #1 SMP PREEMPT Thu Mar 10 07:38:19 CET 2016 x86_64
[    32.998] Kernel command line: initrd=\initramfs-linux.img initrd=\intel-ucode.img root=/dev/sda7 quiet splash rw
[    32.998] Build Date: 25 March 2016  08:54:41AM
[    32.998]
[    32.998] Current version of pixman: 0.34.0
	#include <stdexcept>

	void may_throw() {
	throw std::runtime_error("error");
	}

	int main(int argc, char** argv) {
	try {
	may_throw();
	return 0;
	table aliases file:/etc/mail/aliases

	listen on all

	action "local_mail" lmtp some-lmtp.server
	action "outbound" relay

	match from any for domain "example.org" action "local_mail"
	match for local action "local_mail"
	match for any action "outbound"
	$ echo \| clang++ -E -x c++ -v -
	clang version 8.0.1-svn363027-1~exp1~20190611212422.76 (branches/release_80)
	Target: x86_64-pc-linux-gnu
	Thread model: posix
	InstalledDir: /usr/bin
	Found candidate GCC installation: /usr/bin/../lib/gcc/x86_64-linux-gnu/5
	Found candidate GCC installation: /usr/bin/../lib/gcc/x86_64-linux-gnu/5.4.0
	Found candidate GCC installation: /usr/bin/../lib/gcc/x86_64-linux-gnu/6
	Found candidate GCC installation: /usr/bin/../lib/gcc/x86_64-linux-gnu/6.0.0
	Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/5
	#include "kernel/modes.h"
	#include "kernel/memory.h"

	_init_stacks:
	cps #MODE_IRQ
	ldr sp, =P_STACK_IRQ

	cps #MODE_FIQ
	ldr sp, =P_STACK_FIQ
	#include <iostream>
	#include <thread>

	// Compile with g++ -std=c++11 a.cpp -pthread

	volatile int c = 0;
	volatile bool done = false;

	void change_c() {
	while (!done) {
	# -- coding: utf-8 --
	#
	# Copyright (C) 2016 Jasper v. Blanckenburg <jasper@mezzo.de>
	#
	# This program is free software; you can redistribute it and/or modify
	# it under the terms of the GNU General Public License as published by
	# the Free Software Foundation; either version 3 of the License, or
	# (at your option) any later version.
	#
	# This program is distributed in the hope that it will be useful,
	# Please make this file available to others
	# by sending it to <lirc@bartelmus.de>
	#
	# this config file was automatically generated
	# using lirc-0.9.0(devinput) on Tue Aug 5 16:55:09 2014
	#
	# contributed by
	#
	# brand: SundtekRemoteV3.conf
	# model no. of remote control:
	[ 32.998]
	X.Org X Server 1.18.2
	Release Date: 2016-03-11
	[ 32.998] X Protocol Version 11, Revision 0
	[ 32.998] Build Operating System: Linux 4.2.5-1-ARCH x86_64
	[ 32.998] Current Operating System: Linux archv2 4.4.5-1-ARCH #1 SMP PREEMPT Thu Mar 10 07:38:19 CET 2016 x86_64
	[ 32.998] Kernel command line: initrd=\initramfs-linux.img initrd=\intel-ucode.img root=/dev/sda7 quiet splash rw
	[ 32.998] Build Date: 25 March 2016 08:54:41AM
	[ 32.998]
	[ 32.998] Current version of pixman: 0.34.0