Opened 11 years ago
Last modified 7 years ago
#12608 closed enhancement
VirtualBox Solaris kernel modules are not signed — at Version 2
| Reported by: | Dan A. | Owned by: | |
|---|---|---|---|
| Component: | installer | Version: | VirtualBox 4.3.6 |
| Keywords: | signing, elfsign | Cc: | |
| Guest type: | other | Host type: | Solaris |
Description (last modified by )
VirtualBox Solaris kernel modules are not signed with elfsign(1):
$ elfsign verify /platform/i86pc/kernel/drv/amd64/vboxnet elfsign: no signature found in /platform/i86pc/kernel/drv/amd64/vboxnet. $ elfsign verify /platform/i86pc/kernel/drv/amd64/vboxdrv elfsign: no signature found in /platform/i86pc/kernel/drv/amd64/vboxdrv. $ elfsign verify /platform/i86pc/kernel/drv/amd64/vboxbow elfsign: no signature found in /platform/i86pc/kernel/drv/amd64/vboxbow. $ elfsign verify /platform/i86pc/kernel/drv/amd64/vboxusbmon elfsign: no signature found in /platform/i86pc/kernel/drv/amd64/vboxusbmon. $ elfsign verify /platform/i86pc/kernel/drv/amd64/vboxusb elfsign: no signature found in /platform/i86pc/kernel/drv/amd64/vboxusb.
In a future version of Solaris, a warning message may be generated for unsigned modules.
Here's an example on how to sign a kernel module on Solaris. This example uses self-signed certs. An official CA-issued cert would be better.
$ pktool gencert keystore=file serial=0x1 format=pem lifetime=20-year \
keytype=rsa hash=sha256 outcert=virtualbox.pem outkey=virtualbox.key \
subject="O=Oracle Corporation, OU=VirtualBox, CN=virtualbox.org"
$ su
# cp virtualbox.pem /etc/certs
$ elfsign sign -v -c virtualbox.pem -k virtualbox.key vboxnet
elfsign: vboxnet signed successfully.
format: rsa_sha256.
signer: O=Oracle Corporation, OU=VirtualBox, CN=virtualbox.org
signed on: Wed Jan 08 17:53:44 2014.
$ elfsign verify -v vboxnet
elfsign: verification of vboxnet passed.
format: rsa_sha256.
signer: O=Oracle Corporation, OU=VirtualBox, CN=virtualbox.org
signed on: Wed Jan 08 17:53:44 2014.
Change History (2)
comment:1 by , 11 years ago
| Description: | modified (diff) |
|---|
comment:2 by , 11 years ago
| Description: | modified (diff) |
|---|
Note:
See TracTickets
for help on using tickets.

