﻿id	summary	reporter	owner	description	type	status	component	version	resolution	keywords	cc	guest	host
12608	VirtualBox Solaris kernel modules are not signed	Dan A.		"!VirtualBox Solaris kernel modules are not signed with elfsign(1):
{{{
$ elfsign verify /platform/i86pc/kernel/drv/amd64/vboxnet 
elfsign: no signature found in /platform/i86pc/kernel/drv/amd64/vboxnet.
$ elfsign verify /platform/i86pc/kernel/drv/amd64/vboxdrv 
elfsign: no signature found in /platform/i86pc/kernel/drv/amd64/vboxdrv.
$ elfsign verify /platform/i86pc/kernel/drv/amd64/vboxbow 
elfsign: no signature found in /platform/i86pc/kernel/drv/amd64/vboxbow.
$ elfsign verify /platform/i86pc/kernel/drv/amd64/vboxusbmon 
elfsign: no signature found in /platform/i86pc/kernel/drv/amd64/vboxusbmon.
$ elfsign verify /platform/i86pc/kernel/drv/amd64/vboxusb 
elfsign: no signature found in /platform/i86pc/kernel/drv/amd64/vboxusb.
}}}

In a future version of Solaris, a warning message may be generated for unsigned modules.

Here's an example on how to sign a kernel module on Solaris. This example uses self-signed certs.  An official CA-issued cert would be better.

{{{
$ pktool gencert keystore=file serial=0x1 format=pem lifetime=20-year \
    keytype=rsa hash=sha256 outcert=virtualbox.pem outkey=virtualbox.key \
    subject=""O=Oracle Corporation, OU=VirtualBox, CN=virtualbox.org""
$ su
# cp virtualbox.pem /etc/certs

$ elfsign sign -v -c virtualbox.pem -k virtualbox.key vboxnet
elfsign: vboxnet signed successfully.
format: rsa_sha256.
signer: O=Oracle Corporation, OU=VirtualBox, CN=virtualbox.org
signed on: Wed Jan 08 17:53:44 2014.

$ elfsign verify -v vboxnet
elfsign: verification of vboxnet passed.
format: rsa_sha256.
signer: O=Oracle Corporation, OU=VirtualBox, CN=virtualbox.org
signed on: Wed Jan 08 17:53:44 2014.
}}}"	enhancement	closed	installer	VirtualBox 4.3.6	fixed	signing, elfsign		other	Solaris
