When you compile a kernel source, you can choose to sign kernel modules using the
CONFIG_MODULE_SIG* options. The
modinfo tool should handle the task of verifying the module signature, but there has been some bug in it for years, and the tool simply can’t do the job anymore. All I get is the following:
sig_id: PKCS#7 signer: sig_key: sig_hashalgo: md4 signature: 30:82:02:F4:06:09:2A:86:48:86:F7:0D:01:07:02:A0:82:02:E5:30: ...
So there’s no key and the hash algorithm is md4, which isn’t even compiled in the kernel.
So how to manually check and verify the module signature? Is that even possible?