* [PATCH 1/8] extract-cert: drop unused definition of PKEY_ID_PKCS7
From: Thomas Weißschuh @ 2026-03-02 12:42 UTC
To: David Howells, David Woodhouse, Luis Chamberlain, Petr Pavlu,
Daniel Gomez, Sami Tolvanen, Aaron Tomlin, Heiko Carstens,
Vasily Gorbik, Alexander Gordeev, Christian Borntraeger,
Sven Schnelle, Mimi Zohar, Roberto Sassu, Dmitry Kasatkin,
Eric Snowberg, Paul Moore, James Morris, Serge E. Hallyn,
Nathan Chancellor, Nicolas Schier, Alexei Starovoitov,
Daniel Borkmann, Andrii Nakryiko, Martin KaFai Lau,
Eduard Zingerman, Song Liu, Yonghong Song, John Fastabend,
KP Singh, Stanislav Fomichev, Hao Luo, Jiri Olsa, Shuah Khan
Cc: keyrings, linux-kernel, linux-modules, linux-s390,
linux-integrity, linux-security-module, linux-kbuild, bpf,
linux-kselftest, Thomas Weißschuh
This definition duplicates a definition from an internal kernel header
which is going to be renamed.
To get rid of an instance of the old name, drop the definition.
Signed-off-by: Thomas Weißschuh <thomas.weissschuh@linutronix.de>
---
certs/extract-cert.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/certs/extract-cert.c b/certs/extract-cert.c
index 7d6d468ed612..8c762f908443 100644
--- a/certs/extract-cert.c
+++ b/certs/extract-cert.c
@@ -33,8 +33,6 @@
#endif
#include "ssl-common.h"
-#define PKEY_ID_PKCS7 2
-
static __attribute__((noreturn))
void format(void)
{
--
2.53.0
* [PATCH 2/8] module: Drop unused signature types
From: Thomas Weißschuh @ 2026-03-02 12:42 UTC
Only PKCS#7 signatures are used today.
Remove the unused enum values. As this enum is used in on-disk data,
preserve the numeric value.
Signed-off-by: Thomas Weißschuh <thomas.weissschuh@linutronix.de>
---
include/linux/module_signature.h | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/include/linux/module_signature.h b/include/linux/module_signature.h
index 7eb4b00381ac..820cc1473383 100644
--- a/include/linux/module_signature.h
+++ b/include/linux/module_signature.h
@@ -15,9 +15,7 @@
#define MODULE_SIG_STRING "~Module signature appended~\n"
enum pkey_id_type {
- PKEY_ID_PGP, /* OpenPGP generated key ID */
- PKEY_ID_X509, /* X.509 arbitrary subjectKeyIdentifier */
- PKEY_ID_PKCS7, /* Signature in PKCS#7 message */
+ PKEY_ID_PKCS7 = 2, /* Signature in PKCS#7 message */
};
/*
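Review bot: Nothing in the enum itself explains why PKEY_ID_PKCS7 now carries an explicit '= 2' or that the values 0 and 1 are retired. Since the commit message says this enum is stored in on-disk data, add a short comment above the enumerator stating that the values are part of the on-disk format and that 0 and 1 (formerly PKEY_ID_PGP and PKEY_ID_X509) should not be reassigned, so a later addition does not reuse them by accident.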
--
2.53.0
* [PATCH 3/8] module: Give 'enum pkey_id_type' a more specific name
From: Thomas Weißschuh @ 2026-03-02 12:42 UTC
This enum originates in generic cryptographic code and has a very
generic name. Nowadays it is only used for module signatures.
As this enum is going to be exposed in a UAPI header, give it a more
specific name for clarity and consistency.
Signed-off-by: Thomas Weißschuh <thomas.weissschuh@linutronix.de>
---
arch/s390/kernel/machine_kexec_file.c | 2 +-
include/linux/module_signature.h | 6 +++---
kernel/module_signature.c | 2 +-
3 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/arch/s390/kernel/machine_kexec_file.c b/arch/s390/kernel/machine_kexec_file.c
index 1bf59c3f0e2b..667ee9279e23 100644
--- a/arch/s390/kernel/machine_kexec_file.c
+++ b/arch/s390/kernel/machine_kexec_file.c
@@ -53,7 +53,7 @@ int s390_verify_sig(const char *kernel, unsigned long kernel_len)
return -EKEYREJECTED;
kernel_len -= sig_len;
- if (ms->id_type != PKEY_ID_PKCS7)
+ if (ms->id_type != MODULE_SIGNATURE_TYPE_PKCS7)
return -EKEYREJECTED;
if (ms->algo != 0 ||
diff --git a/include/linux/module_signature.h b/include/linux/module_signature.h
index 820cc1473383..c3a05d4cfe67 100644
--- a/include/linux/module_signature.h
+++ b/include/linux/module_signature.h
@@ -14,8 +14,8 @@
/* In stripped ARM and x86-64 modules, ~ is surprisingly rare. */
#define MODULE_SIG_STRING "~Module signature appended~\n"
-enum pkey_id_type {
- PKEY_ID_PKCS7 = 2, /* Signature in PKCS#7 message */
+enum module_signature_type {
+ MODULE_SIGNATURE_TYPE_PKCS7 = 2, /* Signature in PKCS#7 message */
};
/*
@@ -31,7 +31,7 @@ enum pkey_id_type {
struct module_signature {
u8 algo; /* Public-key crypto algorithm [0] */
u8 hash; /* Digest algorithm [0] */
- u8 id_type; /* Key identifier type [PKEY_ID_PKCS7] */
+ u8 id_type; /* Key identifier type [enum module_signature_type] */
u8 signer_len; /* Length of signer's name [0] */
u8 key_id_len; /* Length of key identifier [0] */
u8 __pad[3];
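Review bot: The new id_type comment in struct module_signature breaks the convention of the neighbouring fields, where the bracketed part gives the value the field is expected to hold ([0] for algo, hash, signer_len and key_id_len); it now holds a type name instead. Consider 'Key identifier type [MODULE_SIGNATURE_TYPE_PKCS7]' to keep the convention, or reword the comment so it is clear the brackets name the set of allowed values for this one field.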
diff --git a/kernel/module_signature.c b/kernel/module_signature.c
index 00132d12487c..a0eee2fe4368 100644
--- a/kernel/module_signature.c
+++ b/kernel/module_signature.c
@@ -24,7 +24,7 @@ int mod_check_sig(const struct module_signature *ms, size_t file_len,
if (be32_to_cpu(ms->sig_len) >= file_len - sizeof(*ms))
return -EBADMSG;
- if (ms->id_type != PKEY_ID_PKCS7) {
+ if (ms->id_type != MODULE_SIGNATURE_TYPE_PKCS7) {
pr_err("%s: not signed with expected PKCS#7 message\n",
name);
return -ENOPKG;
--
2.53.0
* [PATCH 4/8] module: Give MODULE_SIG_STRING a more descriptive name
From: Thomas Weißschuh @ 2026-03-02 12:42 UTC
The purpose of the constant is not entirely clear from its name.
As this constant is going to be exposed in a UAPI header, give it a more
specific name for clarity. As all its users call it 'marker', use that
wording in the constant itself.
Signed-off-by: Thomas Weißschuh <thomas.weissschuh@linutronix.de>
---
arch/s390/kernel/machine_kexec_file.c | 4 ++--
include/linux/module_signature.h | 2 +-
kernel/module/signing.c | 4 ++--
security/integrity/ima/ima_modsig.c | 6 +++---
4 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/arch/s390/kernel/machine_kexec_file.c b/arch/s390/kernel/machine_kexec_file.c
index 667ee9279e23..6f0852d5a3a9 100644
--- a/arch/s390/kernel/machine_kexec_file.c
+++ b/arch/s390/kernel/machine_kexec_file.c
@@ -28,7 +28,7 @@ const struct kexec_file_ops * const kexec_file_loaders[] = {
#ifdef CONFIG_KEXEC_SIG
int s390_verify_sig(const char *kernel, unsigned long kernel_len)
{
- const unsigned long marker_len = sizeof(MODULE_SIG_STRING) - 1;
+ const unsigned long marker_len = sizeof(MODULE_SIGNATURE_MARKER) - 1;
struct module_signature *ms;
unsigned long sig_len;
int ret;
@@ -40,7 +40,7 @@ int s390_verify_sig(const char *kernel, unsigned long kernel_len)
if (marker_len > kernel_len)
return -EKEYREJECTED;
- if (memcmp(kernel + kernel_len - marker_len, MODULE_SIG_STRING,
+ if (memcmp(kernel + kernel_len - marker_len, MODULE_SIGNATURE_MARKER,
marker_len))
return -EKEYREJECTED;
kernel_len -= marker_len;
diff --git a/include/linux/module_signature.h b/include/linux/module_signature.h
index c3a05d4cfe67..915549c779dc 100644
--- a/include/linux/module_signature.h
+++ b/include/linux/module_signature.h
@@ -12,7 +12,7 @@
#include <linux/types.h>
/* In stripped ARM and x86-64 modules, ~ is surprisingly rare. */
-#define MODULE_SIG_STRING "~Module signature appended~\n"
+#define MODULE_SIGNATURE_MARKER "~Module signature appended~\n"
enum module_signature_type {
MODULE_SIGNATURE_TYPE_PKCS7 = 2, /* Signature in PKCS#7 message */
diff --git a/kernel/module/signing.c b/kernel/module/signing.c
index a2ff4242e623..590ba29c85ab 100644
--- a/kernel/module/signing.c
+++ b/kernel/module/signing.c
@@ -70,7 +70,7 @@ int mod_verify_sig(const void *mod, struct load_info *info)
int module_sig_check(struct load_info *info, int flags)
{
int err = -ENODATA;
- const unsigned long markerlen = sizeof(MODULE_SIG_STRING) - 1;
+ const unsigned long markerlen = sizeof(MODULE_SIGNATURE_MARKER) - 1;
const char *reason;
const void *mod = info->hdr;
bool mangled_module = flags & (MODULE_INIT_IGNORE_MODVERSIONS |
@@ -81,7 +81,7 @@ int module_sig_check(struct load_info *info, int flags)
*/
if (!mangled_module &&
info->len > markerlen &&
- memcmp(mod + info->len - markerlen, MODULE_SIG_STRING, markerlen) == 0) {
+ memcmp(mod + info->len - markerlen, MODULE_SIGNATURE_MARKER, markerlen) == 0) {
/* We truncate the module to discard the signature */
info->len -= markerlen;
err = mod_verify_sig(mod, info);
diff --git a/security/integrity/ima/ima_modsig.c b/security/integrity/ima/ima_modsig.c
index 9aa92fd35a03..632c746fd81e 100644
--- a/security/integrity/ima/ima_modsig.c
+++ b/security/integrity/ima/ima_modsig.c
@@ -40,7 +40,7 @@ struct modsig {
int ima_read_modsig(enum ima_hooks func, const void *buf, loff_t buf_len,
struct modsig **modsig)
{
- const size_t marker_len = strlen(MODULE_SIG_STRING);
+ const size_t marker_len = strlen(MODULE_SIGNATURE_MARKER);
const struct module_signature *sig;
struct modsig *hdr;
size_t sig_len;
@@ -51,7 +51,7 @@ int ima_read_modsig(enum ima_hooks func, const void *buf, loff_t buf_len,
return -ENOENT;
p = buf + buf_len - marker_len;
- if (memcmp(p, MODULE_SIG_STRING, marker_len))
+ if (memcmp(p, MODULE_SIGNATURE_MARKER, marker_len))
return -ENOENT;
buf_len -= marker_len;
@@ -105,7 +105,7 @@ void ima_collect_modsig(struct modsig *modsig, const void *buf, loff_t size)
* Provide the file contents (minus the appended sig) so that the PKCS7
* code can calculate the file hash.
*/
- size -= modsig->raw_pkcs7_len + strlen(MODULE_SIG_STRING) +
+ size -= modsig->raw_pkcs7_len + strlen(MODULE_SIGNATURE_MARKER) +
sizeof(struct module_signature);
rc = pkcs7_supply_detached_data(modsig->pkcs7_msg, buf, size);
if (rc)
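Review bot: The marker length is spelled two ways across the users touched by this patch: ima_read_modsig() and the size computation in ima_collect_modsig() use strlen(MODULE_SIGNATURE_MARKER), while s390_verify_sig() and module_sig_check() use sizeof(MODULE_SIGNATURE_MARKER) - 1. As the constant is being renamed ahead of its move to a UAPI header, consider defining the length once next to the marker (for example a MODULE_SIGNATURE_MARKER_LEN macro; the name is only a suggestion) so that every parser strips the same number of bytes by construction.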
--
2.53.0
* [PATCH 5/8] modules: Move 'struct module_signature' to UAPI
From: Thomas Weißschuh @ 2026-03-02 12:42 UTC
This structure definition is used outside the kernel proper.
For example in kmod and the kernel build environment.
To allow reuse, move it to a new UAPI header.
While it is not a true UAPI, it is a common practice to have
non-UAPI interface definitions in the kernel's UAPI headers.
Signed-off-by: Thomas Weißschuh <thomas.weissschuh@linutronix.de>
---
include/linux/module_signature.h | 28 +-----------------------
include/uapi/linux/module_signature.h | 41 +++++++++++++++++++++++++++++++++++
2 files changed, 42 insertions(+), 27 deletions(-)
diff --git a/include/linux/module_signature.h b/include/linux/module_signature.h
index 915549c779dc..db335d46787f 100644
--- a/include/linux/module_signature.h
+++ b/include/linux/module_signature.h
@@ -10,33 +10,7 @@
#define _LINUX_MODULE_SIGNATURE_H
#include <linux/types.h>
-
-/* In stripped ARM and x86-64 modules, ~ is surprisingly rare. */
-#define MODULE_SIGNATURE_MARKER "~Module signature appended~\n"
-
-enum module_signature_type {
- MODULE_SIGNATURE_TYPE_PKCS7 = 2, /* Signature in PKCS#7 message */
-};
-
-/*
- * Module signature information block.
- *
- * The constituents of the signature section are, in order:
- *
- * - Signer's name
- * - Key identifier
- * - Signature data
- * - Information block
- */
-struct module_signature {
- u8 algo; /* Public-key crypto algorithm [0] */
- u8 hash; /* Digest algorithm [0] */
- u8 id_type; /* Key identifier type [enum module_signature_type] */
- u8 signer_len; /* Length of signer's name [0] */
- u8 key_id_len; /* Length of key identifier [0] */
- u8 __pad[3];
- __be32 sig_len; /* Length of signature data */
-};
+#include <uapi/linux/module_signature.h>
int mod_check_sig(const struct module_signature *ms, size_t file_len,
const char *name);
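Review bot: The move is not verbatim: the struct removed here declares its fields as u8, while the copy added in include/uapi/linux/module_signature.h declares them as __u8. That is the expected spelling for a UAPI header, but the commit message only says 'move'; mention the type change there so reviewers comparing the two blocks know it is intentional and that the layout is unchanged.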
diff --git a/include/uapi/linux/module_signature.h b/include/uapi/linux/module_signature.h
new file mode 100644
index 000000000000..634c9f1c8fc2
--- /dev/null
+++ b/include/uapi/linux/module_signature.h
@@ -0,0 +1,41 @@
+/* SPDX-License-Identifier: GPL-2.0+ WITH Linux-syscall-note */
+/*
+ * Module signature handling.
+ *
+ * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
+ * Written by David Howells (dhowells@redhat.com)
+ */
+
+#ifndef _UAPI_LINUX_MODULE_SIGNATURE_H
+#define _UAPI_LINUX_MODULE_SIGNATURE_H
+
+#include <linux/types.h>
+
+/* In stripped ARM and x86-64 modules, ~ is surprisingly rare. */
+#define MODULE_SIGNATURE_MARKER "~Module signature appended~\n"
+
+enum module_signature_type {
+ MODULE_SIGNATURE_TYPE_PKCS7 = 2, /* Signature in PKCS#7 message */
+};
+
+/*
+ * Module signature information block.
+ *
+ * The constituents of the signature section are, in order:
+ *
+ * - Signer's name
+ * - Key identifier
+ * - Signature data
+ * - Information block
+ */
+struct module_signature {
+ __u8 algo; /* Public-key crypto algorithm [0] */
+ __u8 hash; /* Digest algorithm [0] */
+ __u8 id_type; /* Key identifier type [enum module_signature_type] */
+ __u8 signer_len; /* Length of signer's name [0] */
+ __u8 key_id_len; /* Length of key identifier [0] */
+ __u8 __pad[3];
+ __be32 sig_len; /* Length of signature data */
+};
+
+#endif /* _UAPI_LINUX_MODULE_SIGNATURE_H */
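Review bot: The layout comment above struct module_signature stops at 'Information block' and never says that MODULE_SIGNATURE_MARKER follows it as the last bytes of the file, although every parser touched in this series checks for the marker at the end of the buffer first. Now that the header is meant for consumers outside the kernel, document the marker's position in that list, and state whether __pad must be zero in the same way the other fields do with their [0] annotation.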
--
2.53.0
* [PATCH 6/8] tools uapi headers: add linux/module_signature.h
From: Thomas Weißschuh @ 2026-03-02 12:42 UTC
This header is going to be used from scripts/sign-file.
Signed-off-by: Thomas Weißschuh <thomas.weissschuh@linutronix.de>
---
tools/include/uapi/linux/module_signature.h | 42 +++++++++++++++++++++++++++++
1 file changed, 42 insertions(+)
diff --git a/tools/include/uapi/linux/module_signature.h b/tools/include/uapi/linux/module_signature.h
new file mode 100644
index 000000000000..6f4f7539fe8d
--- /dev/null
+++ b/tools/include/uapi/linux/module_signature.h
@@ -0,0 +1,42 @@
+/* SPDX-License-Identifier: GPL-2.0+ WITH Linux-syscall-note */
+/*
+ * Module signature handling.
+ *
+ * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
+ * Written by David Howells (dhowells@redhat.com)
+ */
+
+#ifndef _UAPI_LINUX_MODULE_SIGNATURE_H
+#define _UAPI_LINUX_MODULE_SIGNATURE_H
+
+#include <linux/types.h>
+
+/* In stripped ARM and x86-64 modules, ~ is surprisingly rare. */
+#define MODULE_SIGNATURE_MARKER "~Module signature appended~\n"
+
+enum module_signature_type {
+ MODULE_SIGNATURE_TYPE_PKCS7 = 2, /* Signature in PKCS#7 message */
+ MODULE_SIGNATURE_TYPE_MERKLE = 3, /* Merkle proof for modules */
+};
+
+/*
+ * Module signature information block.
+ *
+ * The constituents of the signature section are, in order:
+ *
+ * - Signer's name
+ * - Key identifier
+ * - Signature data
+ * - Information block
+ */
+struct module_signature {
+ __u8 algo; /* Public-key crypto algorithm [0] */
+ __u8 hash; /* Digest algorithm [0] */
+ __u8 id_type; /* Key identifier type [enum module_signature_type] */
+ __u8 signer_len; /* Length of signer's name [0] */
+ __u8 key_id_len; /* Length of key identifier [0] */
+ __u8 __pad[3];
+ __be32 sig_len; /* Length of signature data */
+};
+
+#endif /* _UAPI_LINUX_MODULE_SIGNATURE_H */
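Review bot: MODULE_SIGNATURE_TYPE_MERKLE = 3 in the enum has no counterpart in include/uapi/linux/module_signature.h as added by patch 5/8, which defines only MODULE_SIGNATURE_TYPE_PKCS7 = 2; the diffstats show the difference too (42 lines here against 41 there). Drop the line so the tools copy matches its source, and introduce the new type in both headers together in the series that implements it.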
--
2.53.0
* Re: [PATCH 6/8] tools uapi headers: add linux/module_signature.h
From: bot+bpf-ci @ 2026-03-02 13:32 UTC
To: thomas.weissschuh, dhowells, dwmw2, mcgrof, petr.pavlu, da.gomez,
samitolvanen, atomlin, hca, gor, agordeev, borntraeger, svens,
zohar, roberto.sassu, dmitry.kasatkin, eric.snowberg, paul,
jmorris, serge, nathan, nsc, ast, daniel, andrii, martin.lau,
eddyz87, song, yonghong.song, john.fastabend, kpsingh, sdf,
haoluo, jolsa, shuah
Cc: keyrings, linux-kernel, linux-modules, linux-s390,
linux-integrity, linux-security-module, linux-kbuild, bpf,
linux-kselftest, thomas.weissschuh, ast, andrii, daniel,
martin.lau, eddyz87, yonghong.song, clm, ihor.solodrai
> diff --git a/tools/include/uapi/linux/module_signature.h b/tools/include/uapi/linux/module_signature.h
> --- /dev/null
> +++ b/tools/include/uapi/linux/module_signature.h
[ ... ]
> +enum module_signature_type {
> + MODULE_SIGNATURE_TYPE_PKCS7 = 2, /* Signature in PKCS#7 message */
> + MODULE_SIGNATURE_TYPE_MERKLE = 3, /* Merkle proof for modules */
> +};
The source UAPI header at include/uapi/linux/module_signature.h does not
define MODULE_SIGNATURE_TYPE_MERKLE:
include/uapi/linux/module_signature.h:
enum module_signature_type {
MODULE_SIGNATURE_TYPE_PKCS7 = 2,
};
Was this value intentionally added here ahead of the kernel header? It
appears to come from the CONFIG_MODULE_HASHES series referenced in the
cover letter, but no commit in this series adds it to the kernel UAPI
header, so the tools copy diverges from its source at creation time.
---
AI reviewed your patch. Please fix the bug or email reply why it's not a bug.
See: https://github.com/kernel-patches/vmtest/blob/master/ci/claude/README.md
CI run summary: https://github.com/kernel-patches/bpf/actions/runs/22577240517
AI-authorship-score: low
AI-authorship-explanation: Straightforward mechanical UAPI header copy with terse commit message, consistent with experienced kernel developer style from a known Linutronix contributor.
issues-found: 1
issue-severity-score: low
issue-severity-explanation: The tools UAPI copy contains an enum value (MODULE_SIGNATURE_TYPE_MERKLE) not present in the kernel source header, creating a content mismatch that does not affect runtime behavior but violates the convention that tools copies mirror kernel UAPI headers.
* Re: [PATCH 6/8] tools uapi headers: add linux/module_signature.h
From: Thomas Weißschuh @ 2026-03-02 14:04 UTC
To: bot+bpf-ci
Cc: dhowells, dwmw2, mcgrof, petr.pavlu, da.gomez, samitolvanen,
atomlin, hca, gor, agordeev, borntraeger, svens, zohar,
roberto.sassu, dmitry.kasatkin, eric.snowberg, paul, jmorris,
serge, nathan, nsc, ast, daniel, andrii, martin.lau, eddyz87,
song, yonghong.song, john.fastabend, kpsingh, sdf, haoluo, jolsa,
shuah, keyrings, linux-kernel, linux-modules, linux-s390,
linux-integrity, linux-security-module, linux-kbuild, bpf,
linux-kselftest, martin.lau, clm, ihor.solodrai
On Mon, Mar 02, 2026 at 01:32:34PM +0000, bot+bpf-ci@kernel.org wrote:
> > diff --git a/tools/include/uapi/linux/module_signature.h b/tools/include/uapi/linux/module_signature.h
> > --- /dev/null
> > +++ b/tools/include/uapi/linux/module_signature.h
>
> [ ... ]
>
> > +enum module_signature_type {
> > + MODULE_SIGNATURE_TYPE_PKCS7 = 2, /* Signature in PKCS#7 message */
> > + MODULE_SIGNATURE_TYPE_MERKLE = 3, /* Merkle proof for modules */
> > +};
>
> The source UAPI header at include/uapi/linux/module_signature.h does not
> define MODULE_SIGNATURE_TYPE_MERKLE:
>
> include/uapi/linux/module_signature.h:
> enum module_signature_type {
> MODULE_SIGNATURE_TYPE_PKCS7 = 2,
> };
>
> Was this value intentionally added here ahead of the kernel header? It
> appears to come from the CONFIG_MODULE_HASHES series referenced in the
> cover letter, but no commit in this series adds it to the kernel UAPI
> header, so the tools copy diverges from its source at creation time.
Indeed, this should only appear in the follow-up CONFIG_MODULE_HASHES series.
I'll fix it for v2.
> ---
> AI reviewed your patch. Please fix the bug or email reply why it's not a bug.
> See: https://github.com/kernel-patches/vmtest/blob/master/ci/claude/README.md
>
> CI run summary: https://github.com/kernel-patches/bpf/actions/runs/22577240517
>
> AI-authorship-score: low
> AI-authorship-explanation: Straightforward mechanical UAPI header copy with terse commit message, consistent with experienced kernel developer style from a known Linutronix contributor.
> issues-found: 1
> issue-severity-score: low
> issue-severity-explanation: The tools UAPI copy contains an enum value (MODULE_SIGNATURE_TYPE_MERKLE) not present in the kernel source header, creating a content mismatch that does not affect runtime behavior but violates the convention that tools copies mirror kernel UAPI headers.
* [PATCH 7/8] sign-file: use 'struct module_signature' from the UAPI headers
From: Thomas Weißschuh @ 2026-03-02 12:42 UTC
Now that the UAPI headers provide the required definitions, use those.
Some symbols have been renamed, adapt to those.
Signed-off-by: Thomas Weißschuh <thomas.weissschuh@linutronix.de>
---
scripts/Makefile | 1 +
scripts/sign-file.c | 19 ++++---------------
2 files changed, 5 insertions(+), 15 deletions(-)
diff --git a/scripts/Makefile b/scripts/Makefile
index 0941e5ce7b57..3434a82a119f 100644
--- a/scripts/Makefile
+++ b/scripts/Makefile
@@ -35,6 +35,7 @@ HOSTCFLAGS_sorttable.o = -I$(srctree)/tools/include
HOSTLDLIBS_sorttable = -lpthread
HOSTCFLAGS_asn1_compiler.o = -I$(srctree)/include
HOSTCFLAGS_sign-file.o = $(shell $(HOSTPKG_CONFIG) --cflags libcrypto 2> /dev/null)
+HOSTCFLAGS_sign-file.o += -I$(srctree)/tools/include/uapi/
HOSTLDLIBS_sign-file = $(shell $(HOSTPKG_CONFIG) --libs libcrypto 2> /dev/null || echo -lcrypto)
ifdef CONFIG_UNWINDER_ORC
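Review bot: The added HOSTCFLAGS_sign-file.o include path covers only tools/include/uapi/, but the header reached through it begins with #include <linux/types.h> and relies on __u8 and __be32. Please confirm where sign-file, a host tool, picks up <linux/types.h> with these flags; if it falls through to the kernel headers installed on the build host, state that dependency in the commit message or avoid it with an in-tree include path, as the sorttable rule just above does with -I$(srctree)/tools/include.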
diff --git a/scripts/sign-file.c b/scripts/sign-file.c
index 73fbefd2e540..86b010ac1514 100644
--- a/scripts/sign-file.c
+++ b/scripts/sign-file.c
@@ -40,19 +40,7 @@
#endif
#include "ssl-common.h"
-struct module_signature {
- uint8_t algo; /* Public-key crypto algorithm [0] */
- uint8_t hash; /* Digest algorithm [0] */
- uint8_t id_type; /* Key identifier type [PKEY_ID_PKCS7] */
- uint8_t signer_len; /* Length of signer's name [0] */
- uint8_t key_id_len; /* Length of key identifier [0] */
- uint8_t __pad[3];
- uint32_t sig_len; /* Length of signature data */
-};
-
-#define PKEY_ID_PKCS7 2
-
-static char magic_number[] = "~Module signature appended~\n";
+#include <linux/module_signature.h>
static __attribute__((noreturn))
void format(void)
@@ -197,7 +185,7 @@ static X509 *read_x509(const char *x509_name)
int main(int argc, char **argv)
{
- struct module_signature sig_info = { .id_type = PKEY_ID_PKCS7 };
+ struct module_signature sig_info = { .id_type = MODULE_SIGNATURE_TYPE_PKCS7 };
char *hash_algo = NULL;
char *private_key_name = NULL, *raw_sig_name = NULL;
char *x509_name, *module_name, *dest_name;
@@ -357,7 +345,8 @@ int main(int argc, char **argv)
sig_size = BIO_number_written(bd) - module_size;
sig_info.sig_len = htonl(sig_size);
ERR(BIO_write(bd, &sig_info, sizeof(sig_info)) < 0, "%s", dest_name);
- ERR(BIO_write(bd, magic_number, sizeof(magic_number) - 1) < 0, "%s", dest_name);
+ ERR(BIO_write(bd, MODULE_SIGNATURE_MARKER, sizeof(MODULE_SIGNATURE_MARKER) - 1) < 0,
+ "%s", dest_name);
ERR(BIO_free(bd) != 1, "%s", dest_name);
--
2.53.0
* [PATCH 8/8] selftests/bpf: verify_pkcs7_sig: Use 'struct module_signature' from the UAPI headers
From: Thomas Weißschuh @ 2026-03-02 12:42 UTC
Now that the UAPI headers provide the required definitions, use those.
Some symbols have been renamed, adapt to those.
Signed-off-by: Thomas Weißschuh <thomas.weissschuh@linutronix.de>
---
.../selftests/bpf/prog_tests/verify_pkcs7_sig.c | 28 +++-------------------
1 file changed, 3 insertions(+), 25 deletions(-)
diff --git a/tools/testing/selftests/bpf/prog_tests/verify_pkcs7_sig.c b/tools/testing/selftests/bpf/prog_tests/verify_pkcs7_sig.c
index 4d69d9d55e17..f327feb8e38c 100644
--- a/tools/testing/selftests/bpf/prog_tests/verify_pkcs7_sig.c
+++ b/tools/testing/selftests/bpf/prog_tests/verify_pkcs7_sig.c
@@ -18,6 +18,7 @@
#include <linux/keyctl.h>
#include <sys/xattr.h>
#include <linux/fsverity.h>
+#include <linux/module_signature.h>
#include <test_progs.h>
#include "test_verify_pkcs7_sig.skel.h"
@@ -33,29 +34,6 @@
#define SHA256_DIGEST_SIZE 32
#endif
-/* In stripped ARM and x86-64 modules, ~ is surprisingly rare. */
-#define MODULE_SIG_STRING "~Module signature appended~\n"
-
-/*
- * Module signature information block.
- *
- * The constituents of the signature section are, in order:
- *
- * - Signer's name
- * - Key identifier
- * - Signature data
- * - Information block
- */
-struct module_signature {
- __u8 algo; /* Public-key crypto algorithm [0] */
- __u8 hash; /* Digest algorithm [0] */
- __u8 id_type; /* Key identifier type [PKEY_ID_PKCS7] */
- __u8 signer_len; /* Length of signer's name [0] */
- __u8 key_id_len; /* Length of key identifier [0] */
- __u8 __pad[3];
- __be32 sig_len; /* Length of signature data */
-};
-
struct data {
__u8 data[MAX_DATA_SIZE];
__u32 data_len;
@@ -215,7 +193,7 @@ static int populate_data_item_mod(struct data *data_item)
return 0;
modlen = st.st_size;
- marker_len = sizeof(MODULE_SIG_STRING) - 1;
+ marker_len = sizeof(MODULE_SIGNATURE_MARKER) - 1;
fd = open(mod_path, O_RDONLY);
if (fd == -1)
@@ -228,7 +206,7 @@ static int populate_data_item_mod(struct data *data_item)
if (mod == MAP_FAILED)
return -errno;
- if (strncmp(mod + modlen - marker_len, MODULE_SIG_STRING, marker_len)) {
+ if (strncmp(mod + modlen - marker_len, MODULE_SIGNATURE_MARKER, marker_len)) {
ret = -EINVAL;
goto out;
}
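Review bot: The trailing-marker check in populate_data_item_mod() compares mmap'd file bytes with strncmp(), whereas the kernel-side users of the same constant in this series (s390_verify_sig(), module_sig_check(), ima_read_modsig()) use memcmp(). Since the line is being touched anyway, switch it to memcmp() for consistency. Also make sure modlen >= marker_len is established before mod + modlen - marker_len is formed, as s390_verify_sig() does with its 'marker_len > kernel_len' check, if the lines outside this hunk do not already do so.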
--
2.53.0
* Re: [PATCH 0/8] modules: Move 'struct module_signature' to UAPI
From: Petr Pavlu @ 2026-03-04 7:52 UTC
To: Thomas Weißschuh
Cc: David Howells, David Woodhouse, Luis Chamberlain, Daniel Gomez,
Sami Tolvanen, Aaron Tomlin, Heiko Carstens, Vasily Gorbik,
Alexander Gordeev, Christian Borntraeger, Sven Schnelle,
Mimi Zohar, Roberto Sassu, Dmitry Kasatkin, Eric Snowberg,
Paul Moore, James Morris, Serge E. Hallyn, Nathan Chancellor,
Nicolas Schier, Alexei Starovoitov, Daniel Borkmann,
Andrii Nakryiko, Martin KaFai Lau, Eduard Zingerman, Song Liu,
Yonghong Song, John Fastabend, KP Singh, Stanislav Fomichev,
Hao Luo, Jiri Olsa, Shuah Khan, keyrings, linux-kernel,
linux-modules, linux-s390, linux-integrity, linux-security-module,
linux-kbuild, bpf, linux-kselftest
On 3/2/26 1:42 PM, Thomas Weißschuh wrote:
> This structure definition is used outside the kernel proper.
> For example in kmod and the kernel build environment.
>
> To allow reuse, move it to a new UAPI header.
>
> While it is not a true UAPI, it is a common practice to have
> non-UAPI interface definitions in the kernel's UAPI headers.
>
> This came up as part of my CONFIG_MODULE_HASHES series [0].
> But it is useful on its own and so we get it out of the way.
>
> [0] https://lore.kernel.org/lkml/aZ3OfJJSJgfOb0rJ@levanger/
>
> Signed-off-by: Thomas Weißschuh <thomas.weissschuh@linutronix.de>
This looks reasonable from my side and reduces code duplication. With
the removal of MODULE_SIGNATURE_TYPE_MERKLE in patch 6, as reported by
the AI, the changes seem ok to me. Feel free to add:
Reviewed-by: Petr Pavlu <petr.pavlu@suse.com>
--
Thanks,
Petr