Bug#884127: Fails to sign modules for CONFIG_MODULES_SIG_FORCE
Elliott Mitchell
ehem+debian at m5p.com
Mon Dec 11 21:55:59 UTC 2017
On Mon, Dec 11, 2017 at 08:42:12PM +0100, Andreas Beckmann wrote:
> Control: tag -1 help
>
> On 2017-12-11 19:17, Elliott Mitchell wrote:
> > If CONFIG_MODULES_SIG_FORCE=y is set, then kernel modules are required
> > to be signed. The nvidia-kernel-source package fails to implement this
> > step and as such cannot be made to work with a kernel configured that
> > way. This is normally done in the modules_install target, or can be done
> > according to the instructions in Documentation/module-signing.txt.
>
> Patches welcome.
>
> I wont have the time to dig into this and come up with a solution. But
> if someone can provie an initial patch, I'll look how to integrate it.
Documentation/module-signing.txt is pretty narrow focused and thus easy
to spot the key point.
Most likely you simply run:
scripts/sign-file $(CONFIG_MODULE_SIG_HASH) $(O)/signing_key.priv
$(O)/signing_key.x509 nvidia.ko
During building the package if $(CONFIG_MODULE_SIG) is true.
--
(\___(\___(\______ --=> 8-) EHM <=-- ______/)___/)___/)
\BS ( | EHeM+sigmsg at m5p.com PGP 87145445 | ) /
\_CS\ | _____ -O #include <stddisclaimer.h> O- _____ | / _/
8A19\___\_|_/58D2 7E3D DDF4 7BA6 <-PGP-> 41D1 B375 37D0 8714\_|_/___/5445
More information about the pkg-nvidia-devel
mailing list