commit | 15773c466105164e90f6dbafd6bab2b8d2973c2b | |
---|---|---|
author | Angel Adetula <angeladetula@google.com> | Thu Aug 28 02:47:19 2025 +0000 |
committer | Angel Adetula <angeladetula@google.com> | Thu Sep 04 09:20:14 2025 -0700 |
tree | abfa7a30477f9d6a9c51a06492913494fe4c7fb7 | |
parent | 7b03740219d2bc482d23fbb4d021a03b664a7bf5 | |
cos-dkms: Enable kernel module signing during build

This change integrates kernel module signing into the build process. Modules are now automatically signed before they are saved to the build directory. Signing is conditional on the presence of a private key and a corresponding certificate. The build process sources signing keys from the MODULES_SIGN_KEY and MODULES_SIGN_CERT environment variables, or falls back to the default file paths.

Added an option to specify the hashing algorithm for module signing. If the --hash-algorithm flag is passed, that algorithm will be used for signing. Otherwise, the process will default to using SHA-256.

BUG=b/400448330
TEST= presubmit, `docker run -it -v $PWD:/usr/src/mymodule-1.0 -v $HOME/test:/usr/src/test -e MODULES_SIGN_KEY="/usr/src/test/secure-boot-key.rsa" -e MODULES_SIGN_CERT="/usr/src/test/secure-boot-cert.der" cos-dkms:test build mymodule/1.0 --install-build-dependencies --make-variables=cos-default --build-id=19126.0.0 --kernel-version=cos-default`

Change-Id: I8c3c39ae71a8c9be48c761584ec3368c41cb4811
Reviewed-on: https://cos-review.googlesource.com/c/cos/tools/+/110112
Cloud-Build: GCB Service account <228075978874@cloudbuild.gserviceaccount.com>
Reviewed-by: Kevin Berry <kpberry@google.com>
Tested-by: Kevin Berry <kpberry@google.com>
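
Because signing is skipped when the key or certificate is absent, a build can succeed while producing unsigned modules. The following structural check on a built `.ko` file is an added example, not part of this commit or of cos-dkms. It assumes the Linux kernel's module signature trailer layout (marker string, 12-byte descriptor, PKCS#7 id type); the function names and sample bytes are constructed for illustration.

```python
import struct

# Layout of the trailer the Linux kernel expects at the end of a signed module:
#   <module image> <PKCS#7 signature> <12-byte descriptor> <marker string>
MARKER = b"~Module signature appended~\n"
# Fields: algo, hash, id_type, signer_len, key_id_len, 3 pad bytes, sig_len (big-endian)
DESCRIPTOR = struct.Struct(">BBBBB3sI")
PKEY_ID_PKCS7 = 2


def inspect_module(data: bytes) -> dict:
    """Structural check only: it does not verify the signature cryptographically."""
    if not data.endswith(MARKER):
        return {"signed": False, "reason": "no signature marker"}
    body = data[: -len(MARKER)]
    if len(body) < DESCRIPTOR.size:
        return {"signed": False, "reason": "truncated descriptor"}
    algo, hash_id, id_type, signer_len, key_id_len, pad, sig_len = DESCRIPTOR.unpack(
        body[-DESCRIPTOR.size:]
    )
    remaining = len(body) - DESCRIPTOR.size
    # The declared signature must be non-empty and leave room for a module image.
    if sig_len == 0 or sig_len >= remaining:
        return {"signed": False, "reason": "signature length out of range"}
    if id_type != PKEY_ID_PKCS7:
        return {"signed": False, "reason": "unsupported signature type"}
    # For PKCS#7 signatures the other descriptor fields must all be zero.
    if any((algo, hash_id, signer_len, key_id_len)) or pad != b"\x00\x00\x00":
        return {"signed": False, "reason": "malformed descriptor"}
    return {"signed": True, "sig_len": sig_len, "module_len": remaining - sig_len}


def constructed_sample(sig_len_field=None) -> bytes:
    """Constructed stand-in for a signed module; the 'signature' is filler bytes."""
    image = b"\x7fELF" + b"\x00" * 60
    sig = b"\x30\x82" + b"\x00" * 30
    declared = len(sig) if sig_len_field is None else sig_len_field
    descriptor = DESCRIPTOR.pack(0, 0, PKEY_ID_PKCS7, 0, 0, b"\x00" * 3, declared)
    return image + sig + descriptor + MARKER


if __name__ == "__main__":
    print(inspect_module(constructed_sample()))
    print(inspect_module(b"\x7fELF" + b"\x00" * 60))
```

A pipeline can fail the build when `inspect_module` reports `signed: False` for any module that is expected to load under Secure Boot or enforced module signature checking.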
This is a repository of various tools developed for Container-Optimized OS. Examples include cos-gpu-installer, cos-toolbox, etc.
See CONTRIBUTING.md for how to contribute.