Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

linux: provide a pre-made kernel signing key #107524

Closed
wants to merge 1 commit into from
Closed

linux: provide a pre-made kernel signing key #107524

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
3 changes: 3 additions & 0 deletions pkgs/os-specific/linux/kernel/common-config.nix
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -417,6 +417,9 @@ let
DEFAULT_SECURITY_APPARMOR = yes;

SECURITY_LOCKDOWN_LSM = whenAtLeast "5.4" yes;

MODULE_SIG_KEY = freeform "${./r13yKey.pem}"; # would be auto-generated during build
MODULE_SIG_SHA256 = yes;
} // optionalAttrs (!stdenv.hostPlatform.isAarch32) {

# Detect buffer overflows on the stack
Expand Down
82 changes: 82 additions & 0 deletions pkgs/os-specific/linux/kernel/r13yKey.pem
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,82 @@
-----BEGIN PRIVATE KEY-----
MIIJRAIBADANBgkqhkiG9w0BAQEFAASCCS4wggkqAgEAAoICAQDOmaG1QIIxd7gk
JTzl98DyRVfPv0kdKzcAlXtEvCwHsNdskgCZKhBwsIaRRQ2gJR4djB1wCMVoe4zp
pi44J862r6BGALYgioSdWcFH9FXnki8EsQZ5IfFW6dMwARm6w9T05yFTirCidRm2
DcIFKbrzlHD6P+Wwx95xqyfOA9aI5Okua2l1rxPkpK91c/V6Cy2cf3GAdDpURrZZ
vMf1wwmIDKtt1d8gTbPNGYq+hGqrW8MFAGu0cFZXoBm4tCh3aGsq02m5GDIlWQp6
LVlhq+/QOc8oUsGlOQnlM/caU3tLymKKfBoqFcA8XfV7pSLRR7jJYBJB4SeNuP8s
Uu2lTWD10lMU3bY9sSv1m1C2OI6uYI98HDF2rpy754nXMIA+aZvpYAqFznrO5qq0
YE44Zw9oC3XtO+W7YZlICruJ1Gjp1LJIMuOhox7xIaAcC6GVD2D6wVMpkIrThci1
GIStaVsq00Zc0f3Iw6YuIPCm81wXuq7bViqltXNJYmr1qQdRg152towTaEjCZS+u
BXqn7y46jzmo6V13VVFJqDvmVZW2Wwm8Niz/v2H0YQV0oLg4r0BmJQBUlgG+GGMT
bZpqU4ksDuutvgqo/TGIHZZI2SfidGprnSCg5GICL+BpxNDb7T1qM2Mdry7oeEf2
Uj/xUFahQNHhUP/gX8+6kAf3gPMPNQIDAQABAoICAQCCAKx/2FrUc+gcXo5GizMP
gFD0OgLw5tuSc32A0APIxx+Xgvv7ZTu5HWtgCBq91f1wTFXNxMcrqusNr3NQBMSP
sk3hHtt7+I3gUbVM6NQRhqwtgJN5L8Gkljg88cRWAJqFjNcssY3afGM0as3W395z
HcpFvmVzayFvV2sRuNqLg7ezbQWMdyHGc1axSsmCBXyrCIrMcNavZ1uhdihBXnwl
7wsEb1sbAaoNenAS2FIjB/fcstoTTckXFHh7AGqiUMN2zFevkCkl1TTBkr22tzGN
ToMrdX/CzvSKFLv+BeAE3hJJ4DO6nbs8gUdSiaQyGraNiPWUHPD9vhZbtscxiFJk
2oAPEQTZ+ZYv4Psf2IxsgBeV79NBFdIlsn7etCIkxmNJ66q2KJgiOrjoItn8VKDL
IVJOSKGeD/0FzM3YFHEdm/vY+8p8KvWixoaFRe1oZ/Pt0XxnPHz2I27y5yYXRVTk
DpCXey8JI6IdXUXLJDsMoum5iyafGrYcb4/JYtwyTQep4iruEn7pkbivBzF/4lX9
jMiK3DYCzusuXWZiS4Om5dxfG7RbsEtz1Rqsu0nYKr6l2ee9JO2eYwr/S6RQEGpA
ciMSzBfQo1MYlkUBfeOBCSKULSrXSAQig11X0469vtOYKzFW7BstLuRQZI5G7j2B
WOWODIHeOYFkAxGMaxr9YQKCAQEA+kZNp1DzlDPGjeCLBp8r8Muifby5uHc08ELV
8/ulCRot+ajV4MnAG2e96tFwyN6+pR61E3mCNf+PCSFcAANokK6FUy6MWuqKpsX3
2+3RcedbBHEVsuvTcTZ9klAsN/L+GDUFcA8Trla8KDkvMjpwlWYuiW86IMDQwqh4
K30yJZDqI6igpV0wtAMMw9auodjoOrFMN80xo4RyNbITeba9nP0EnVj3DA5j5JLx
ifTNjAD1uUNow9rdqPzTqa7vO9cIoIKBf6LQL4OMHX/u2ingFVLY5Ru3x2WVHaHG
xley/kANkxOKrN91gVMrUalwW5toK0jXiSM6lqE8ByI0qm2X/QKCAQEA01OOFq5S
xSw4XoX4p2Pd3FGfKIoMvhusHw8gwMF0NUUGXVVBFnsQbXGKRCKkgNbYAa+jaLRK
ZJllHcM+aKEccg+Jl19ElppoOr5B7lF82eSI4OFaX6WNQPfcJWO8j5unJOFkhPv1
dZWPtdcIDXkG/8ypHox9ApKIFVOHEJvwCyjqMYJaFtxsAEitjGcpniVnquM7m6aw
LQkqmjUNkN0NCD+zivnXvg1vXubSI2FL6MKGFquDsdrGPAc2ivqZM6Ds3ogII39j
YjUD4cJJw3dp/i37JYeGPNQ76MWVxbASS/RPnbzZFDZ5QK6jR6l/DzXzvDgjvBrh
sbgF5CKRoBbtmQKCAQEAmrRghf+dQcwrfUICzkoQAF3wCKdjaiqN18KIvLOeFZ1Q
NBZwdu5fSNF87S0f+Zru3+S2a95dZgGeKjerxfpVZbHrijqo2f5HTMXs6876+9zW
P02j6yCpaD8Vqh7S5pbXCKGlxdocAVVuI7MNgI/tTfyG4b+Wf+6QXPOErOVL3TrR
8M7o1q9fTrbf6iLHehY5nyY/hfLaL0jMzHJSZZdXaDZi5ty6gYJXr1BB7FQdxuBF
BIsttHuTL0VxlV8kVKoclBN39yzuYaCAOS/+tm7SLHw0xJK4rJIXdeStmadWZqGz
gmm+/BN5cEK38Ve6s3XCE5eIXCYhrkDmeUZkpcDvBQKCAQEArX4vbNd5BH8lWBTM
6z/F6Rbpf7K2e2zkhis5TIaGDSW57+4KHZazCebpCL8YJt47QEcd9NvvJ1/379NW
7Tc3zzyKTUfdW3cwkumX3zvvMEO7TEQ2mceki+3xQpD7QTscod6ZU8Q25G4BKdx7
s/PklyVCwt2709zQ9BE7FZuwGrlga30E0TftQt5n/JjFRhyXW2hqi4LxqEeaPjfI
B2IzTM5fbH1pbZJCGLuPUZSTaWgqBXqSB/YAQU/6q2bJV+WKEbfEVsBCq2Gy6ilD
vcHPtumxAkKdJltnQ9bS+xVuMAVHR8y+uyVtrnixfCffNHGqxJ+iVtAK8oiN7Zmj
zLaGIQKCAQArAoVr/P5HNECiFV/hN9VUUISZnqy/VKgOp3tXM4rZ0Hz85U8M83Fx
KG27VFAuiFBk36VYPXguZgnuSC0jmduJgF/djBwZPPKoMphfyyFpHy512EQFjzsE
XUpdg+pFOOmP0egSZr9jlzfeCceSJCTieXPAd5tYgO4AQe5wHwj8/Wsdnp4k/em8
a9qC7JlSKenBtyyQpgefst4Wt8RJBWPRjJnAX4TQ04iGE5WLvFPbuiCc9Uez562o
Fi3adhm0YCd4hvmxn0biQtZ5SE3oYjJO2to1uc+xFV7K+Vce7aXXPIlWDTRUf+uR
uUVkRlXqd1ocqQDGZz0/SCfdeTtHVBhV
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIIFDzCCAvcCFBRXzSuP1zXNoW9wrVJnKdORu2ZeMA0GCSqGSIb3DQEBCwUAMEMx
DjAMBgNVBAoMBU5peE9TMTEwLwYDVQQDDChQdWJsaWMgcmVwcm9kdWNpYmlsaXR5
IGtleSwgRE8gTk9UIFRSVVNUMCAXDTIwMTIyMzA1MDg1OFoYDzIxMjAxMTI5MDUw
ODU4WjBDMQ4wDAYDVQQKDAVOaXhPUzExMC8GA1UEAwwoUHVibGljIHJlcHJvZHVj
aWJpbGl0eSBrZXksIERPIE5PVCBUUlVTVDCCAiIwDQYJKoZIhvcNAQEBBQADggIP
ADCCAgoCggIBAM6ZobVAgjF3uCQlPOX3wPJFV8+/SR0rNwCVe0S8LAew12ySAJkq
EHCwhpFFDaAlHh2MHXAIxWh7jOmmLjgnzravoEYAtiCKhJ1ZwUf0VeeSLwSxBnkh
8Vbp0zABGbrD1PTnIVOKsKJ1GbYNwgUpuvOUcPo/5bDH3nGrJ84D1ojk6S5raXWv
E+Skr3Vz9XoLLZx/cYB0OlRGtlm8x/XDCYgMq23V3yBNs80Zir6EaqtbwwUAa7Rw
VlegGbi0KHdoayrTabkYMiVZCnotWWGr79A5zyhSwaU5CeUz9xpTe0vKYop8GioV
wDxd9XulItFHuMlgEkHhJ424/yxS7aVNYPXSUxTdtj2xK/WbULY4jq5gj3wcMXau
nLvnidcwgD5pm+lgCoXOes7mqrRgTjhnD2gLde075bthmUgKu4nUaOnUskgy46Gj
HvEhoBwLoZUPYPrBUymQitOFyLUYhK1pWyrTRlzR/cjDpi4g8KbzXBe6rttWKqW1
c0liavWpB1GDXna2jBNoSMJlL64FeqfvLjqPOajpXXdVUUmoO+ZVlbZbCbw2LP+/
YfRhBXSguDivQGYlAFSWAb4YYxNtmmpTiSwO662+Cqj9MYgdlkjZJ+J0amudIKDk
YgIv4GnE0NvtPWozYx2vLuh4R/ZSP/FQVqFA0eFQ/+Bfz7qQB/eA8w81AgMBAAEw
DQYJKoZIhvcNAQELBQADggIBAMA+s6KGsY6hfqvXtezZ7nARpHl793PWgEh2UwU4
Tt5fO43++eTzOcSsu2b6YrA2wXOfHFO70oYj2sl7AzdV1aU+BwErGP39PYckI6pr
Il37vIDXep/supiLMYX8/lUaP4TYso5mQc+xnlqB/ahY9k/Y/KJAimZ/ePaegqMY
aloTe1L3MQT8Nvy5w4pN85JNGfeS4s+nph0dNjgzVcm2NsZryYyqIDEuAcS6255q
v7h5KYeysZRWWIIjYhDfTYhGtsvpaavQXJkiBgctxKtPgIHcZ6XitQY2VqwpPyyp
I7+GXbrELdi6HoFQdPHb5kEDzwqNhNQUutyxSSde6y7u4jzIqcd0J0HsNG+XgMZW
B4k44FCB1qXEht1zEWBCrv1C3DFUrbGzLJeK50HohPh4Q5nZp7MZk+KB1cgo85DZ
9HbM0lryYyUbNRu7+tlN50fyi7LHNq80kZRE9g4RrJIv8wiLUxE60S+TlnLe6IcJ
/Y10AvM5+GgzixQ11EyRBwHr6IUOffL5sd4k/7zj2FyYLlJk0ozjJvJG0aoXLy2g
9+Eo1JRrUMkb0M2NbTSMYJ0JokVSFu7CYdw6ATJcMXkkfv03El8lQyIY1jVaQSsL
84xBWMUsxD/ptYg0TZU6v1MrME2xS/BlCaYLcMh0WT16LfvvB7ZERRpoHdI1hEjd
tuEb
-----END CERTIFICATE-----