kernel_module_learn/README.md

## Setup env

On NixOS:

- Ensure Linux Kernel is the same as you configuration.
Otherwise, change linux_dev variable with you kernel variant and change flake.lock nixpkgs with your version.
- Use direnv allow or nix develop to setup shell.


On other distros:

1. With direnv, in .envrc, change line by `use flake .#other`

2. With nix only, use `nix develop .#other`

3. Otherwise, you need to setup LINUX_MODULES_FOLDER to linux modules folder of your distro (ex: `/lib/modules/$(uname -r)`) in your shell (ex: .bashrc)

## make : targets list

- all : Compiling kernel (by default)
- clean : Cleaning build folder

All subfolder is configured to use LINUX_MODULES_FOLDER env variable set by flake develop

## How test module

Step 1: Load module

```bash
sudo insmod [module_name].ko
```

**Warning**: Can fail if secure boot is enabled (see notes about secure boot in below)

Step 2: Check logs

```bash
sudo dmesg | tail
```

Step 3: Unload module

```bash
sudo rmmod [module_name].ko
```

## Usefull links

- https://www.kernel.org/doc/html/latest/
- https://elixir.bootlin.com/linux/v6.13/source/

## Notes

1. Find required headers files

```
nix shell nixpkgs#bear
cd 01_basic_module/
bear --append --output ../.vscode/compile_commands.json -- make -C $LINUX_MODULES_FOLDER/build M=$PWD modules
```

Search -I args and -D args

### Sign kernel module for testing with secure boot enabled

Prerequisites: Own secure boot keys configured.

Secure boot keys can be found in :

- Fedora : `/etc/pki/akmods`
- With sbctl : `/var/lib/sbctl`

```
sign-file sha256 $SECUREBOOT_KEYS_PATH/private_key.priv $SECUREBOOT_KEYS_PATH/public_key.der <module_file>.ko
```

sign-file executable is in `/usr/src/kernels/$(uname -r)/scripts`

Full example (run as root):

1. Fedora

```bash
/usr/src/kernels/$(uname -r)/scripts/sign-file sha256 /etc/pki/akmods/private/private_key.priv /etc/pki/akmods/certs/public_key.der <module_file>.ko
```