kernel/module/signing.c
Source file repositories/reference/linux-study-clean/kernel/module/signing.c
File Facts
- System
- Linux kernel
- Corpus path
kernel/module/signing.c- Extension
.c- Size
- 3137 bytes
- Lines
- 126
- Domain
- Core OS
- Bucket
- Scheduler, Processes, Timers, Sync, And Syscalls
- Inferred role
- Core OS: exported/initcall integration point
- Status
- integration implementation candidate
Why This File Exists
Core operating-system implementation surface: boot, tasks, memory, VFS, syscall-facing interfaces, synchronization, credentials, and isolation.
- Core operating-system implementation surface: boot, tasks, memory, VFS, syscall-facing interfaces, synchronization, credentials, and isolation.
- Exports symbols or registers init work; inspect boot/module ordering and who consumes the exported contract.
- Defines or uses C structs; map object ownership, embedded links, reference counts, and lock ownership.
Dependency Surface
linux/kernel.hlinux/errno.hlinux/module.hlinux/module_signature.hlinux/string.hlinux/verification.hlinux/security.hcrypto/public_key.huapi/linux/module.hinternal.h
Detected Declarations
function is_module_sig_enforcedfunction set_module_sig_enforcedfunction mod_verify_sigfunction module_sig_checkfunction memcmpexport is_module_sig_enforced
Annotated Snippet
memcmp(mod + info->len - markerlen, MODULE_SIGNATURE_MARKER, markerlen) == 0) {
/* We truncate the module to discard the signature */
info->len -= markerlen;
err = mod_verify_sig(mod, info);
if (!err) {
info->sig_ok = true;
return 0;
}
}
/*
* We don't permit modules to be loaded into the trusted kernels
* without a valid signature on them, but if we're not enforcing,
* certain errors are non-fatal.
*/
switch (err) {
case -ENODATA:
reason = "unsigned module";
break;
case -ENOPKG:
reason = "module with unsupported crypto";
break;
case -ENOKEY:
reason = "module with unavailable key";
break;
default:
/*
* All other errors are fatal, including lack of memory,
* unparseable signatures, and signature check failures --
* even if signatures aren't required.
*/
return err;
}
if (is_module_sig_enforced()) {
pr_notice("Loading of %s is rejected\n", reason);
return -EKEYREJECTED;
}
return security_locked_down(LOCKDOWN_MODULE_SIGNATURE);
}
Annotation
- Immediate include surface: `linux/kernel.h`, `linux/errno.h`, `linux/module.h`, `linux/module_signature.h`, `linux/string.h`, `linux/verification.h`, `linux/security.h`, `crypto/public_key.h`.
- Detected declarations: `function is_module_sig_enforced`, `function set_module_sig_enforced`, `function mod_verify_sig`, `function module_sig_check`, `function memcmp`, `export is_module_sig_enforced`.
- Atlas domain: Core OS / Scheduler, Processes, Timers, Sync, And Syscalls.
- Implementation status: integration implementation candidate.
Implementation Notes
- This generated page is the file-by-file coverage layer; curated subsystem chapters should link here when they synthesize a multi-file control flow.
- Core OS pages should be promoted from atlas-only to deep-reviewed when they explain data structures, invariants, locking, lifecycle, and C implementation snippets.
- Driver-family pages are intentionally pattern-oriented unless they are part of the selected PCIe/NVMe representative device path.