When compiling the kernel module, a warning is also reported:
```
At main.c:160:
- SSL error:02001002:system library:fopen:No such file or directory: ../crypto/bio/bss_file.c:69
- SSL error:2006D080:BIO routines:BIO_new_file:no such file: ../crypto/bio/bss_file.c:76
sign-file: certs/signing_key.pem: No such file or directory
```
At run time, it fails with an error:
```
# insmod ./sfp.ko
insmod: ERROR: could not insert module ./sfp.ko: Unknown symbol in module
```
Check the log with dmesg:
```
[ 4778.602001] sfp: loading out-of-tree module taints kernel.
[ 4778.602056] sfp: module verification failed: signature and/or required key missing - tainting kernel
[ 4778.602149] sfp: Unknown symbol nf_conntrack_in (err -2)
```
After searching, I found that the cause was a missing signature. Create the signing files:
```
$ cat > x509.genkey
[ req ]
default_bits = 4096
distinguished_name = req_distinguished_name
prompt = no
string_mask = utf8only
x509_extensions = myexts

[ req_distinguished_name ]
CN = Modules

[ myexts ]
basicConstraints=critical,CA:FALSE
keyUsage=digitalSignature
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid

$ openssl req -new -nodes -utf8 -sha512 -days 36500 -batch -x509 -config x509.genkey -outform DER \
    -out signing_key.x509 -keyout signing_key.pem
```
Copy the signing files to the certs directory of the Linux build source tree, and add read permission for all users:
```
$ sudo chmod +r
```
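After compiling the kernel again, the signature warning is gone, but the symbol is still not found: the module it depends on is not installed.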
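To confirm that a rebuilt module really carries a signature, the trailer that sign-file appends can be inspected directly. The following is an added example, not part of the original post: it parses the kernel's `struct module_signature` trailer and magic string, and the function names and sample bytes are constructed for illustration.

```python
import struct

MAGIC = b"~Module signature appended~\n"  # marker that ends a signed .ko
SIG_INFO = struct.Struct(">BBBBB3xI")      # struct module_signature (12 bytes)
PKEY_ID_PKCS7 = 2                          # id_type for a PKCS#7 signature


def parse_module_signature(blob: bytes):
    """Return trailer metadata for a module image, or None if it is unsigned."""
    if not blob.endswith(MAGIC):
        return None
    body = blob[:-len(MAGIC)]
    if len(body) < SIG_INFO.size:
        raise ValueError("truncated signature info block")
    _algo, _hash, id_type, signer_len, key_id_len, sig_len = SIG_INFO.unpack(
        body[-SIG_INFO.size:])
    payload_end = len(body) - SIG_INFO.size
    if sig_len + signer_len + key_id_len > payload_end:
        raise ValueError("signature length exceeds file size")
    sig_start = payload_end - sig_len
    return {
        "is_pkcs7": id_type == PKEY_ID_PKCS7,
        "sig_len": sig_len,
        "signature": body[sig_start:payload_end],
        "module_len": sig_start - signer_len - key_id_len,
    }


def build_sample():
    """Constructed bytes: a fake 64-byte ELF stub and a fake 256-byte signature."""
    elf = b"\x7fELF" + b"\x00" * 60
    sig = b"\x30\x82" + b"\xaa" * 254
    info = SIG_INFO.pack(0, 0, PKEY_ID_PKCS7, 0, 0, len(sig))
    return elf, elf + sig + info + MAGIC


if __name__ == "__main__":
    unsigned, signed = build_sample()
    print("unsigned:", parse_module_signature(unsigned))
    meta = parse_module_signature(signed)
    print("signed: pkcs7=%s sig_len=%d module_len=%d"
          % (meta["is_pkcs7"], meta["sig_len"], meta["module_len"]))
```

On a real build, pass the bytes of the built module file; an unsigned module (a `None` result) is one cause of the `signature and/or required key missing` line in dmesg. The check covers only the presence and framing of the trailer, while whether the signing key is trusted is decided by the kernel.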