id,summary,reporter,owner,description,type,status,component,version,resolution,keywords,cc,guest,host 12608,VirtualBox Solaris kernel modules are not signed,Dan A.,,"!VirtualBox Solaris kernel modules are not signed with elfsign(1): {{{ $ elfsign verify /platform/i86pc/kernel/drv/amd64/vboxnet elfsign: no signature found in /platform/i86pc/kernel/drv/amd64/vboxnet. $ elfsign verify /platform/i86pc/kernel/drv/amd64/vboxdrv elfsign: no signature found in /platform/i86pc/kernel/drv/amd64/vboxdrv. $ elfsign verify /platform/i86pc/kernel/drv/amd64/vboxbow elfsign: no signature found in /platform/i86pc/kernel/drv/amd64/vboxbow. $ elfsign verify /platform/i86pc/kernel/drv/amd64/vboxusbmon elfsign: no signature found in /platform/i86pc/kernel/drv/amd64/vboxusbmon. $ elfsign verify /platform/i86pc/kernel/drv/amd64/vboxusb elfsign: no signature found in /platform/i86pc/kernel/drv/amd64/vboxusb. }}} In a future version of Solaris, a warning message may be generated for unsigned modules. Here's an example on how to sign a kernel module on Solaris. This example uses self-signed certs. An official CA-issued cert would be better. {{{ $ pktool gencert keystore=file serial=0x1 format=pem lifetime=20-year \ keytype=rsa hash=sha256 outcert=virtualbox.pem outkey=virtualbox.key \ subject=""O=Oracle Corporation, OU=VirtualBox, CN=virtualbox.org"" $ su # cp virtualbox.pem /etc/certs $ elfsign sign -v -c virtualbox.pem -k virtualbox.key vboxnet elfsign: vboxnet signed successfully. format: rsa_sha256. signer: O=Oracle Corporation, OU=VirtualBox, CN=virtualbox.org signed on: Wed Jan 08 17:53:44 2014. $ elfsign verify -v vboxnet elfsign: verification of vboxnet passed. format: rsa_sha256. signer: O=Oracle Corporation, OU=VirtualBox, CN=virtualbox.org signed on: Wed Jan 08 17:53:44 2014. }}}",enhancement,new,installer,VirtualBox 4.3.6,,"signing, elfsign",dan.anderson@…,other,Solaris