Sign the Napatech Driver With the Private Key

Software Installation for Linux

Platform
Intel® PAC
Napatech SmartNIC
Content Type
Software Installation Guide
Capture Software Version
Link™ Capture Software 12.11

About this task

For linux kernels version 4.2 or earlier, signing the Napatech driver with a private key is done with a Perl script from the kernel development package. Note that the script requires that both the files that contain the private and the public key, as well as the Napatech driver to sign:

# perl /usr/src/kernels/$(uname -r)/scripts/sign-file sha256 \
 private_key.priv public_key.der /opt/napatech3/driver/nt3gd.ko
nt3gd_netdev.ko must be signed as well.
# perl /usr/src/kernels/$(uname -r)/scripts/sign-file sha256 \
 private_key.priv public_key.der /opt/napatech3/driver/nt3gd_netdev.ko
For linux kernels version 4.3 or newer, the Perl script has been replaced by a binary executable. Run the following commands instead.
# /usr/src/kernels/$(uname -r)/scripts/sign-file sha256 \
 private_key.priv public_key.der /opt/napatech3/driver/nt3gd.ko

# /usr/src/kernels/$(uname -r)/scripts/sign-file sha256 \
 private_key.priv public_key.der /opt/napatech3/driver/nt3gd_netdev.ko

The Napatech driver is in ELF image format and this script computes and appends the signature directly to the ELF image in the nt3gd.ko file. The modinfo utility can be used to display information about the Napatech driver signature, if it is present:

# modinfo /opt/napatech3/driver/nt3gd.ko

The Napatech driver is now ready for loading. Note that the signed Napatech driver is also loadable on systems where UEFI Secure Boot is disabled or on a non-UEFI system. That means you do not need to provide both a signed and unsigned version of the compiled Napatech driver.

Note: Loading the driver may fail when SELinux is enabled on a system. To ensure that the driver can be loaded by systemd and function correctly on system boot, the correct policies must be configured. See Configuring the correct policies on the SELinux enabled system..

Style Conventions

Bold typeface is used for names of, for instance, user interface elements and software components.

Italic typeface is used for replaceable text.

Monospaced typeface is used for code, commands and file names.

Abbreviations

BP

ByPass

DN

Document Number

GCC

GNU Compiler Collection

GNU

GNU’s Not Unix

MOK

Machine Owner Key

NEBS

Network Equipment-Building System

nt, NT

NapaTech

PTP

Precision Time Protocol

Rev.

REVision

RPM

RPM Package Manager

SCC

Self-Contained Cooling

SRPM

Source RPM

STD

STanDard

SW

SoftWare

UEFI

Unified Extensible Firmware Interface

References