Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Talos extensions-e2e doesn't verify loadable modules are loaded #7049

Closed
frezbo opened this issue Apr 3, 2023 · 1 comment
Closed

Talos extensions-e2e doesn't verify loadable modules are loaded #7049

frezbo opened this issue Apr 3, 2023 · 1 comment
Assignees
@frezbo

Comments

@frezbo
Copy link
Member

frezbo commented Apr 3, 2023

Bug Report

Talos extensions-e2e doesn't verify loadable modules are loaded

Description

Update the e2e-extensions test to also load drbd/gasket modules and verify that their are loaded.

Also add a check to verify modules like nvidia are signed by the key in the running talos version

Probable steps:

  • extract the key from running talos kernel
  • use crane to extract nvidia modules
  • use the script from kernel sources to verrify the module is indeed signed from the keys in running talos kernel
@smira
Copy link
Member

smira commented Apr 4, 2023

I think at the very minimum we can test gasket & drbd being loaded, it should be pretty straightforward, and should give us good coverage.

frezbo added a commit to frezbo/talos that referenced this issue Apr 10, 2023
@frezbo
chore: add kernel module signtaure verification
3351b12 
Add kernel module signature verification for out of tree kernel modules.

Fixes: siderolabs#7049

Signed-off-by: Noel Georgi <git@frezbo.dev>
frezbo added a commit to frezbo/talos that referenced this issue Apr 10, 2023
@frezbo
chore: add kernel module signtaure verification
bbb9c85 
Add kernel module signature verification for out of tree kernel modules.

Fixes: siderolabs#7049

Signed-off-by: Noel Georgi <git@frezbo.dev>
frezbo added a commit to frezbo/talos that referenced this issue Apr 10, 2023
@frezbo
chore: add kernel module signtaure verification
922293f 
Add kernel module signature verification for out of tree kernel modules.

Fixes: siderolabs#7049

Signed-off-by: Noel Georgi <git@frezbo.dev>
frezbo added a commit to frezbo/talos that referenced this issue Apr 10, 2023
@frezbo
chore: add kernel module signtaure verification
e0a37fa 
Add kernel module signature verification for out of tree kernel modules.

Fixes: siderolabs#7049

Signed-off-by: Noel Georgi <git@frezbo.dev>
smira pushed a commit to smira/talos that referenced this issue Apr 11, 2023
@frezbo @smira
chore: add kernel module signtaure verification
805887e 
Add kernel module signature verification for out of tree kernel modules.

Fixes: siderolabs#7049

Signed-off-by: Noel Georgi <git@frezbo.dev>
(cherry picked from commit 5e9d836)
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jun 14, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@frezbo frezbo

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@smira @frezbo