[PATCHv2] package: skip strip on signed kernel modules

All the mail mirrored from lore.kernel.org
 help / color / mirror / Atom feed

* [PATCHv2] package: skip strip on signed kernel modules
@ 2018-08-04  0:39 omar.ocampo.coronado
  0 siblings, 0 replies; only message in thread
From: omar.ocampo.coronado @ 2018-08-04  0:39 UTC (permalink / raw
  To: openembedded-core

From: foocampo <omar.ocampo.coronado@intel.com>

Executing strip action on kernel modules removes the signature.
Is not possible to strip and keep the signature, therefore avoid
strip signed kernel modules.

Signed-off-by: foocampo <omar.ocampo.coronado@intel.com>
Signed-off-by: Omar Ocmapo <omar.ocampo.coronado@intel.com>
---
 meta/lib/oe/package.py | 20 ++++++++++++++++----
 1 file changed, 16 insertions(+), 4 deletions(-)

diff --git a/meta/lib/oe/package.py b/meta/lib/oe/package.py
index fa3428ad61..21c80aaa38 100644
--- a/meta/lib/oe/package.py
+++ b/meta/lib/oe/package.py
@@ -21,11 +21,15 @@ def runstrip(arg):
         os.chmod(file, newmode)
 
     stripcmd = [strip]
-
+    skip_strip = False
     # kernel module    
     if elftype & 16:
-        stripcmd.extend(["--strip-debug", "--remove-section=.comment",
-            "--remove-section=.note", "--preserve-dates"])
+        if is_kernel_module_signed(file):
+            bb.debug(1, "Skip strip on signed module %s" % file)
+            skip_strip = True
+        else:
+            stripcmd.extend(["--strip-debug", "--remove-section=.comment",
+                "--remove-section=.note", "--preserve-dates"])
     # .so and shared library
     elif ".so" in file and elftype & 8:
         stripcmd.extend(["--remove-section=.comment", "--remove-section=.note", "--strip-unneeded"])
@@ -36,7 +40,8 @@ def runstrip(arg):
     stripcmd.append(file)
     bb.debug(1, "runstrip: %s" % stripcmd)
 
-    output = subprocess.check_output(stripcmd, stderr=subprocess.STDOUT)
+    if not skip_strip:
+        output = subprocess.check_output(stripcmd, stderr=subprocess.STDOUT)
 
     if newmode:
         os.chmod(file, origmode)
@@ -46,6 +51,13 @@ def is_kernel_module(path):
     with open(path) as f:
         return mmap.mmap(f.fileno(), 0, prot=mmap.PROT_READ).find(b"vermagic=") >= 0
 
+# Detect if .ko module is signed
+def is_kernel_module_signed(path):
+    with open(path, "rb") as f:
+        f.seek(-28, 2)
+        module_tail = f.read()
+        return "Module signature appended" in "".join(chr(c) for c in bytearray(module_tail))
+
 # Return type (bits):
 # 0 - not elf
 # 1 - ELF
-- 
2.18.0



^ permalink raw reply related	[flat|nested] only message in thread

only message in thread, other threads:[~2018-08-03 21:44 UTC | newest]

Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2018-08-04  0:39 [PATCHv2] package: skip strip on signed kernel modules omar.ocampo.coronado

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.