[PATCH 6/8] tools uapi headers: add linux/module_signature.h

Thomas Weißschuh posted 8 patches 1 month, 1 week ago
Posted by Thomas Weißschuh 1 month, 1 week ago
This header is going to be used from scripts/sign-file.

Signed-off-by: Thomas Weißschuh <thomas.weissschuh@linutronix.de>
---
 tools/include/uapi/linux/module_signature.h | 42 +++++++++++++++++++++++++++++
 1 file changed, 42 insertions(+)

diff --git a/tools/include/uapi/linux/module_signature.h b/tools/include/uapi/linux/module_signature.h
new file mode 100644
index 000000000000..6f4f7539fe8d
--- /dev/null
+++ b/tools/include/uapi/linux/module_signature.h
@@ -0,0 +1,42 @@
+/* SPDX-License-Identifier: GPL-2.0+ WITH Linux-syscall-note */
+/*
+ * Module signature handling.
+ *
+ * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
+ * Written by David Howells (dhowells@redhat.com)
+ */
+
+#ifndef _UAPI_LINUX_MODULE_SIGNATURE_H
+#define _UAPI_LINUX_MODULE_SIGNATURE_H
+
+#include <linux/types.h>
+
+/* In stripped ARM and x86-64 modules, ~ is surprisingly rare. */
+#define MODULE_SIGNATURE_MARKER "~Module signature appended~\n"
+
+enum module_signature_type {
+	MODULE_SIGNATURE_TYPE_PKCS7 = 2,	/* Signature in PKCS#7 message */
+	MODULE_SIGNATURE_TYPE_MERKLE = 3,	/* Merkle proof for modules */
+};
+
+/*
+ * Module signature information block.
+ *
+ * The constituents of the signature section are, in order:
+ *
+ *	- Signer's name
+ *	- Key identifier
+ *	- Signature data
+ *	- Information block
+ */
+struct module_signature {
+	__u8	algo;		/* Public-key crypto algorithm [0] */
+	__u8	hash;		/* Digest algorithm [0] */
+	__u8	id_type;	/* Key identifier type [enum module_signature_type] */
+	__u8	signer_len;	/* Length of signer's name [0] */
+	__u8	key_id_len;	/* Length of key identifier [0] */
+	__u8	__pad[3];
+	__be32	sig_len;	/* Length of signature data */
+};
+
+#endif /* _UAPI_LINUX_MODULE_SIGNATURE_H */
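
Review bot: MODULE_SIGNATURE_TYPE_MERKLE = 3 in enum module_signature_type is not covered by the commit message, which only says the header is going to be used from scripts/sign-file. If this file is meant to mirror the kernel's UAPI header, drop the value from this patch and introduce it together with the change that defines it in the source header; otherwise state in the commit message why the tools copy needs it now. In struct module_signature, the [0] annotation on algo, hash, signer_len and key_id_len is not explained anywhere in the header, while the block comment above still lists "Signer's name" and "Key identifier" as constituents of the signature section; a sentence saying what [0] means for these fields would help readers of sign-file.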

-- 
2.53.0

Re: [PATCH 6/8] tools uapi headers: add linux/module_signature.h
Posted by bot+bpf-ci@kernel.org 1 month, 1 week ago
> diff --git a/tools/include/uapi/linux/module_signature.h b/tools/include/uapi/linux/module_signature.h
> --- /dev/null
> +++ b/tools/include/uapi/linux/module_signature.h

[ ... ]

> +enum module_signature_type {
> +	MODULE_SIGNATURE_TYPE_PKCS7 = 2,	/* Signature in PKCS#7 message */
> +	MODULE_SIGNATURE_TYPE_MERKLE = 3,	/* Merkle proof for modules */
> +};

The source UAPI header at include/uapi/linux/module_signature.h does not
define MODULE_SIGNATURE_TYPE_MERKLE:

include/uapi/linux/module_signature.h:
    enum module_signature_type {
        MODULE_SIGNATURE_TYPE_PKCS7 = 2,
    };

Was this value intentionally added here ahead of the kernel header?  It
appears to come from the CONFIG_MODULE_HASHES series referenced in the
cover letter, but no commit in this series adds it to the kernel UAPI
header, so the tools copy diverges from its source at creation time.


---
AI reviewed your patch. Please fix the bug or email reply why it's not a bug.
See: https://github.com/kernel-patches/vmtest/blob/master/ci/claude/README.md

CI run summary: https://github.com/kernel-patches/bpf/actions/runs/22577240517

AI-authorship-score: low
AI-authorship-explanation: Straightforward mechanical UAPI header copy with terse commit message, consistent with experienced kernel developer style from a known Linutronix contributor.
issues-found: 1
issue-severity-score: low
issue-severity-explanation: The tools UAPI copy contains an enum value (MODULE_SIGNATURE_TYPE_MERKLE) not present in the kernel source header, creating a content mismatch that does not affect runtime behavior but violates the convention that tools copies mirror kernel UAPI headers.

Re: [PATCH 6/8] tools uapi headers: add linux/module_signature.h
Posted by Thomas Weißschuh 1 month, 1 week ago
On Mon, Mar 02, 2026 at 01:32:34PM +0000, bot+bpf-ci@kernel.org wrote:
> > diff --git a/tools/include/uapi/linux/module_signature.h b/tools/include/uapi/linux/module_signature.h
> > --- /dev/null
> > +++ b/tools/include/uapi/linux/module_signature.h
> 
> [ ... ]
> 
> > +enum module_signature_type {
> > +	MODULE_SIGNATURE_TYPE_PKCS7 = 2,	/* Signature in PKCS#7 message */
> > +	MODULE_SIGNATURE_TYPE_MERKLE = 3,	/* Merkle proof for modules */
> > +};
> 
> The source UAPI header at include/uapi/linux/module_signature.h does not
> define MODULE_SIGNATURE_TYPE_MERKLE:
> 
> include/uapi/linux/module_signature.h:
>     enum module_signature_type {
>         MODULE_SIGNATURE_TYPE_PKCS7 = 2,
>     };
> 
> Was this value intentionally added here ahead of the kernel header?  It
> appears to come from the CONFIG_MODULE_HASHES series referenced in the
> cover letter, but no commit in this series adds it to the kernel UAPI
> header, so the tools copy diverges from its source at creation time.

Indeed, this should only appear in the follow-up CONFIG_MODULE_HASHES series.
I'll fix it for v2.

> ---
> AI reviewed your patch. Please fix the bug or email reply why it's not a bug.
> See: https://github.com/kernel-patches/vmtest/blob/master/ci/claude/README.md
> 
> CI run summary: https://github.com/kernel-patches/bpf/actions/runs/22577240517
> 
> AI-authorship-score: low
> AI-authorship-explanation: Straightforward mechanical UAPI header copy with terse commit message, consistent with experienced kernel developer style from a known Linutronix contributor.
> issues-found: 1
> issue-severity-score: low
> issue-severity-explanation: The tools UAPI copy contains an enum value (MODULE_SIGNATURE_TYPE_MERKLE) not present in the kernel source header, creating a content mismatch that does not affect runtime behavior but violates the convention that tools copies mirror kernel UAPI headers.