#StackBounty: #kernel #kernel-modules #signature How to verify a kernel module signature?

Bounty: 100

When you compile a kernel source, you can choose to sign kernel modules using the CONFIG_MODULE_SIG* options. The modinfo tool should handle the task of verifying the module signature, but there has been some bug in it for years, and the tool simply can’t do the job anymore. All I get is the following:

sig_id:         PKCS#7
signer:
sig_key:
sig_hashalgo:   md4
signature:      30:82:02:F4:06:09:2A:86:48:86:F7:0D:01:07:02:A0:82:02:E5:30:
                ...

So there’s no key and the hash algorithm is md4, which isn’t even compiled in the kernel.

So how to manually check and verify the module signature? Is that even possible?


Get this bounty!!!

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.