kernel: proper handle signed modules

If CONFIG_MODULE_SIG_ALL is set in kernelconfig then modules will be automatically signed during the modules_install phase of a kernel build. Signed modules are BRITTLE as the signature is outside of the defined ELF container. Thus they MAY NOT be stripped once the signature is computed and attached. Note the entire module is the signed payload, including any and all debug information present at the time of signing. See: https://www.kernel.org/doc/html/latest/admin-guide/module-signing.html Signed-off-by: Denis Osterland-Heim <denis.osterland@diehl.com> Message-Id: <20210331113525.22330-1-denis.osterland@diehl.com> Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
author: Denis Osterland-Heim <denis.osterland@diehl.com> 2021-03-31 13:35:25 +0200
committer: Michael Olbrich <m.olbrich@pengutronix.de> 2021-04-01 15:54:36 +0200
commit: 565aabf6f36d3ed31544d882394604c4a1b13597 (patch)
tree: c968a88f9970e67d05b75aa207866e9191482b75
parent: c3361e082f90ca37f6572a444c670eed08b6d266 (diff)
download: ptxdist-565aabf6f36d3ed31544d882394604c4a1b13597.tar.gz
ptxdist-565aabf6f36d3ed31544d882394604c4a1b13597.tar.xz
2 files changed, 4 insertions, 2 deletions
diff --git a/rules/kernel.make b/rules/kernel.make
index ea748fc8a..2b564612b 100644
--- a/rules/kernel.make
+++ b/rules/kernel.make
@@ -61,6 +61,7 @@ KERNEL_BASE_OPT		:= \
 	CROSS_COMPILE=$(KERNEL_CROSS_COMPILE) \
 	DEPMOD=$(PTXDIST_SYSROOT_HOST)/sbin/depmod \
 	\
+	INSTALL_MOD_STRIP=1 \
 	INSTALL_MOD_PATH=$(KERNEL_PKGDIR) \
 	PTX_KERNEL_DIR=$(KERNEL_DIR) \
 	$(call remove_quotes,$(PTXCONF_KERNEL_EXTRA_MAKEVARS))
@@ -313,7 +314,7 @@ ifdef PTXCONF_KERNEL_MODULES_INSTALL
 	@$(call install_fixup, kernel-modules, AUTHOR,"Robert Schwebel <r.schwebel@pengutronix.de>")
 	@$(call install_fixup, kernel-modules, DESCRIPTION,missing)
 
-	@$(call install_glob, kernel-modules, 0, 0, -, /lib/modules, *.ko,, k)
+	@$(call install_glob, kernel-modules, 0, 0, -, /lib/modules, *.ko,, n)
 	@$(call install_glob, kernel-modules, 0, 0, -, /lib/modules,, *.ko */build */source, n)
 
 	@$(call install_finish, kernel-modules)
diff --git a/rules/pre/kernel.make b/rules/pre/kernel.make
index df53020aa..fb38d416d 100644
--- a/rules/pre/kernel.make
+++ b/rules/pre/kernel.make
@@ -85,7 +85,8 @@ PTXDIST_LOWLEVEL_WRAPPER_BLACKLIST := \
 	TARGET_HARDEN_PIE \
 	TARGET_HARDEN_GLIBCXX_ASSERTIONS \
 	TARGET_DEBUG \
-	TARGET_BUILD_ID
+	TARGET_BUILD_ID \
+	TARGET_COMPILER_RECORD_SWITCHES
 
 #
 # handle special compiler
author	Denis Osterland-Heim <denis.osterland@diehl.com>	2021-03-31 13:35:25 +0200
committer	Michael Olbrich <m.olbrich@pengutronix.de>	2021-04-01 15:54:36 +0200
commit	565aabf6f36d3ed31544d882394604c4a1b13597 (patch)
tree	c968a88f9970e67d05b75aa207866e9191482b75
parent	c3361e082f90ca37f6572a444c670eed08b6d266 (diff)
download	ptxdist-565aabf6f36d3ed31544d882394604c4a1b13597.tar.gz ptxdist-565aabf6f36d3ed31544d882394604c4a1b13597.tar.xz