Setup env

On NixOS:

• Ensure Linux Kernel is the same as you configuration. Otherwise, change linux_dev variable with you kernel variant and change flake.lock nixpkgs with your version.
• Use direnv allow or nix develop to setup shell.

On other distros:

1. With Nix env, .envrc, change line by use flake .#other

2. Without Nix env, you need to setup LINUX_MODULES_FOLDER to linux modules folder of your distro (ex: /lib/modules/$(uname -r)) in your shell (bashrc)

make : targets list

• all : Compiling kernel
• clean : Cleaning build folder

All subfolder is configured to use LINUX_MODULES_FOLDER env variable set by flake develop

How test module

Step 1: Load module

sudo insmod [module_name].ko

Warning: Can fail if secure boot is enabled

Step 2: Check logs

sudo dmesg | tail

Step 3: Unload module

sudo rmmod [module_name].ko

Usefull links

• https://www.kernel.org/doc/html/latest/
• https://elixir.bootlin.com/linux/v6.13/source/

Notes

1. Find required headers files

nix shell nixpkgs#bear
cd 01_basic_module/
bear --append --output ../.vscode/compile_commands.json -- make -C $LINUX_MODULES_FOLDER/build M=$PWD modules

Search -I args and -D args

Sign kernel module for testing with secure boot enabled

Prerequisites: Own secure boot keys

Secure boot keys can be found in :

• Fedora : /etc/pki/akmods/certs/
• With sbctl : /var/lib/sbctl

sign-file sha256 $SECUREBOOT_KEYS_PATH/private_key.priv $SECUREBOOT_KEYS_PATH/public_key.der <module_file>.ko

sign-file is in /usr/src/kernels/$(uname -r)/scripts

Full example (run as root):

1. Fedora

/usr/src/kernels/$(uname -r)/scripts/sign-file sha256 /etc/pki/akmods/private/private_key.priv /etc/pki/akmods/certs/public_key.der <module_file>.ko