Skip to content
Kernel Module Build

docs(linuxkm): document DTLS 1.3 configure flags #5203

Sign in to view logs

docs(linuxkm): document DTLS 1.3 configure flags

docs(linuxkm): document DTLS 1.3 configure flags #5203

Workflow file for this run

.github/workflows/linuxkm.yml at 8d6afc8
name: Kernel Module Build
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_library:
strategy:
matrix:
config: [
'EXTRA_CPPFLAGS=-Werror --enable-option-checking=fatal --enable-linuxkm --enable-linuxkm-lkcapi-register=all --enable-all --enable-kyber=yes,original --enable-lms --enable-xmss --enable-dilithium --enable-experimental --enable-dual-alg-certs --disable-qt --disable-quic --with-sys-crypto-policy=no --disable-testcert --enable-all-asm --enable-crypttests --enable-linuxkm-benchmarks CFLAGS="-Wframe-larger-than=2048 -Wstack-usage=4096 -DBENCH_EMBEDDED -DBENCH_MIN_RUNTIME_SEC=0.01 -DBENCH_NTIMES=1 -DBENCH_AGREETIMES=1" --with-max-rsa-bits=16384',
'EXTRA_CPPFLAGS=-Werror --enable-option-checking=fatal --enable-linuxkm --enable-linuxkm-pie --enable-reproducible-build --enable-linuxkm-lkcapi-register=all --enable-all-crypto --enable-cryptonly --enable-kyber=yes,original --enable-lms --enable-xmss --enable-dilithium --enable-experimental --disable-qt --disable-quic --with-sys-crypto-policy=no --disable-opensslextra --disable-testcert --enable-intelasm --disable-sp-asm --enable-crypttests --enable-linuxkm-benchmarks CFLAGS="-DWOLFSSL_LINUXKM_VERBOSE_DEBUG -DDEBUG_LINUXKM_PIE_SUPPORT -Wframe-larger-than=2048 -Wstack-usage=4096 -DBENCH_EMBEDDED -DBENCH_MIN_RUNTIME_SEC=0.01 -DBENCH_NTIMES=1 -DBENCH_AGREETIMES=1" --with-max-rsa-bits=16384',
'EXTRA_CPPFLAGS=-Werror --enable-option-checking=fatal --enable-linuxkm --enable-tls13 --enable-dtls --enable-dtls13'
]
name: build module
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-latest
timeout-minutes: 5
steps:
- uses: actions/checkout@v4
name: Checkout wolfSSL
- name: Prepare target kernel for module builds
run: |
echo "updating linux-headers"
apt_ok=false
for i in 1 2 3; do
if sudo apt-get update && sudo apt-get install -y linux-headers-$(uname -r); then
apt_ok=true
break
fi
echo "::warning::apt-get failed (attempt $i/3), retrying..."
sleep $((5 * i))
done
if [ "$apt_ok" != true ]; then exit 2; fi
echo "preparing target kernel $(uname -r)"
pushd "/lib/modules/$(uname -r)/build" || $(exit 4)
if [ -f /proc/config.gz ]; then gzip -dc /proc/config.gz > /tmp/.config && sudo mv /tmp/.config . || $(exit 5); elif [ -f "/boot/config-$(uname -r)" ]; then sudo cp -p "/boot/config-$(uname -r)" .config || $(exit 6); fi
sudo make -j 4 olddefconfig || $(exit 7)
sudo make M="$(pwd)" modules_prepare || $(exit 8)
popd >/dev/null
- name: autogen.sh
run: |
./autogen.sh || $(exit 9)
- name: Build libwolfssl.ko, targeting GitHub ubuntu-latest, with --enable-all, PQC, and smallstack and stack depth warnings
run: |
echo "running ./configure --with-linux-source=/lib/modules/$(uname -r)/build ${{ matrix.config }}"
./configure --with-linux-source=/lib/modules/$(uname -r)/build ${{ matrix.config }} || $(exit 10)
# try to remove profiling (-pg) because it leads to "_mcleanup: gmon.out: Permission denied"
make -j 4 KERNEL_EXTRA_CFLAGS_REMOVE=-pg FORCE_NO_MODULE_SIG=1 || $(exit 11)
ls -l linuxkm/libwolfssl.ko || $(exit 12)
echo "Successful linuxkm build."
- name: Verify DTLS 1.3 symbols are exported (when WOLFSSL_DTLS13 is configured)
run: |
if grep -q '^#define WOLFSSL_DTLS13' wolfssl/options.h; then
echo "WOLFSSL_DTLS13 defined; checking GPL exports in libwolfssl.ko..."
objdump -t linuxkm/libwolfssl.ko \
| grep -qE '__ksymtab_wolfDTLSv1_3_(client|server)_method$' \
|| { echo "::error::DTLS 1.3 entry points not exported from libwolfssl.ko"; exit 13; }
echo "DTLS 1.3 export check: PASS"
else
echo "WOLFSSL_DTLS13 not defined for this matrix entry; skipping symbol check."
fi