git.ipfire.org Git - thirdparty/kmod.git/commit

testsuite: add modinfo pkcs7 signature test

Use the same approach to generate the signed module, like in the
old signature test: just append the pregenerated binary signature
to the module (the signature check will fail).

In case of need of generating correct signature, from the linux
kernel makefiles (certs/Makefile) it could be like:

$ openssl req -new -nodes -utf8 -sha256 -days 36500 -batch -x509
-config ./x509.genkey -outform PEM -out signing_key.pem -keyout signing_key.pem
$ /lib/modules/$(uname -r)/build/scripts/extract-cert signing_key.pem signing_key.x509
$ /lib/modules/$(uname -r)/build/scripts/sign-file sha256 signing_key.pem signing_key.x509 module.ko

where x509.genkey is:

```
[ req ]
default_bits = 4096
distinguished_name = req_distinguished_name
prompt = no
string_mask = utf8only
x509_extensions = myexts

[ req_distinguished_name ]
CN = Build time autogenerated kernel key

[ myexts ]
basicConstraints=critical,CA:FALSE
keyUsage=digitalSignature
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid
```

Signed-off-by: Yauheni Kaliuta <yauheni.kaliuta@redhat.com>

author	Yauheni Kaliuta <yauheni.kaliuta@redhat.com>
	Fri, 1 Feb 2019 20:36:41 +0000 (22:36 +0200)
committer	Lucas De Marchi <lucas.demarchi@intel.com>
	Mon, 4 Feb 2019 21:49:13 +0000 (13:49 -0800)
commit	dec990483bcb5f36557ab34918256a2251a6cf25
tree	93b97397f865b70306252a38c4b61ea9f3a02342	tree \| snapshot
parent	aca61d37212c65ddbcff32a3a201a2999ad12b67	commit \| diff

testsuite/module-playground/dummy.pkcs7	[new file with mode: 0644]	blob
testsuite/populate-modules.sh		diff \| blob \| blame \| history
testsuite/rootfs-pristine/test-modinfo/correct-sig_hashalgo.txt		diff \| blob \| blame \| history
testsuite/rootfs-pristine/test-modinfo/correct-sig_key.txt		diff \| blob \| blame \| history
testsuite/rootfs-pristine/test-modinfo/correct-signer.txt		diff \| blob \| blame \| history
testsuite/test-modinfo.c		diff \| blob \| blame \| history