Setup env

On NixOS:

• Ensure Linux Kernel is the same as you configuration. Use this command to update nix inputs

nix flake update --override-input nixpkgs "github:NixOS/nixpkgs/$(nixos-version --revision)"

• Use direnv allow or nix develop to setup shell.

On other distros:

1. With direnv, in .envrc, change line by use flake .#other

2. With nix only, use nix develop .#other

3. Otherwise, you need to setup LINUX_MODULES_FOLDER to linux modules folder of your distro (ex: /lib/modules/$(uname -r)) in your shell (ex: .bashrc)

make : targets list

• all : Compiling kernel (by default)
• clean : Cleaning build folder

All subfolder is configured to use LINUX_MODULES_FOLDER env variable set by flake develop

How test module

Step 1: Load module

sudo insmod [module_name].ko

Warning: Can fail if secure boot is enabled (see notes about secure boot in below)

Step 2: Check logs

sudo dmesg | tail

Step 3: Unload module

sudo rmmod [module_name].ko

Usefull links

• https://www.kernel.org/doc/html/latest/
• https://elixir.bootlin.com/linux/v6.13/source/
• https://static.lwn.net/images/pdf/LDD3/ch01.pdf
• https://sysprog21.github.io/lkmpg

Notes

Find required headers files

nix shell nixpkgs#bear
cd 01_basic_module/
bear --append --output ../.vscode/compile_commands.json -- make -C $LINUX_MODULES_FOLDER/build M=$PWD modules

Search -I args and -D args

Sign kernel module for testing with secure boot enabled

Prerequisites: Own secure boot keys configured.

Secure boot keys can be found in :

• Fedora : /etc/pki/akmods
• With sbctl : /var/lib/sbctl

sign-file sha256 $SECUREBOOT_KEYS_PATH/private_key.priv $SECUREBOOT_KEYS_PATH/public_key.der <module_file>.ko

sign-file executable is in /usr/src/kernels/$(uname -r)/scripts

Full example (run as root):

1. Fedora

/usr/src/kernels/$(uname -r)/scripts/sign-file sha256 /etc/pki/akmods/private/private_key.priv /etc/pki/akmods/certs/public_key.der <module_file>.ko