This Linux kernel module creates a character device (/dev/encryption_device) that accepts input data, encrypts it using AES in CBC mode, and stores it in memory. It supports basic read/write operations for testing encrypted data flow between kernel space and user space.
- AES-128 encryption using the kernel crypto API
- Character device interface
- Simple in-kernel storage buffer
- Module signing support for Secure Boot
- Linux kernel headers
- GCC, make
- Secure Boot enabled (optional, requires MOK enrollment)
- Tools: openssl, mokutil, dd
```bash
openssl req -new -x509 -newkey rsa:2048 -keyout MOK.priv -outform DER -out MOK.der -nodes -days 36500 -subj "/CN=MyModuleKey/"
sudo mokutil --import MOK.der
```

Then reboot and complete enrollment via the MOK Manager menu.
Change into the respective directory after cloning and then build the module.

```bash
make
sudo /usr/src/linux-headers-$(uname -r)/scripts/sign-file sha256 MOK.priv MOK.der encryption_device.ko
sudo insmod encryption_device.ko
sudo chmod 666 /dev/encryption_device
```

- Write some input data
```bash
cat <<EOF > input.txt
This is a test file for encryption.
It contains multiple lines of text.
The encryption device should securely store and retrieve this data.
Let's see how it works
EOF
```

- Write to the device (encrypts and stores)

```bash
dd if=input.txt of=/dev/encryption_device bs=256
```

- Read from the device (gets stored, encrypted data)

```bash
dd if=/dev/encryption_device of=encrypted.txt bs=256
cat encrypted.txt
```

```bash
sudo rmmod encryption_device
make clean
```

By following these steps, an encrypted.txt file is generated containing the encrypted data. Since the content is encrypted, it appears in a non-human-readable format and can only be properly interpreted by decrypting it using the same kernel module.
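The same `cbc(aes)` transform the module requests from the kernel crypto API can be driven from user space through an `AF_ALG` socket, which gives a reference ciphertext to compare against when testing. This is an added example, not code from this module. The function name `kernel_cbc_aes128_encrypt` is hypothetical, and because the module's key, IV and padding scheme are not stated here, the caller supplies the key and IV and must pad the input to whole 16-byte blocks.

```c
/* Added example: AES-128-CBC via the kernel crypto API from user space (AF_ALG). */
#include <linux/if_alg.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#ifndef SOL_ALG
#define SOL_ALG 279
#endif

/* Encrypts len bytes (a multiple of 16). Returns 0 on success, -1 on a bad
 * length or if AF_ALG / cbc(aes) is not available on the running kernel. */
int kernel_cbc_aes128_encrypt(const unsigned char key[16], const unsigned char iv[16],
                              const unsigned char *in, unsigned char *out, size_t len)
{
    struct sockaddr_alg sa = { .salg_family = AF_ALG, .salg_type = "skcipher",
                               .salg_name = "cbc(aes)" };
    _Alignas(struct cmsghdr) char cbuf[CMSG_SPACE(sizeof(__u32)) +
                                       CMSG_SPACE(sizeof(struct af_alg_iv) + 16)] = {0};
    struct iovec iov = { .iov_base = (void *)in, .iov_len = len };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = cbuf, .msg_controllen = sizeof(cbuf) };
    __u32 op = ALG_OP_ENCRYPT;
    int tfm, req = -1, rc = -1;

    if (len == 0 || len % 16)            /* CBC needs whole blocks; padding is the caller's job */
        return -1;
    if ((tfm = socket(AF_ALG, SOCK_SEQPACKET, 0)) < 0)
        return -1;
    if (bind(tfm, (struct sockaddr *)&sa, sizeof(sa)) == 0 &&
        setsockopt(tfm, SOL_ALG, ALG_SET_KEY, key, 16) == 0)
        req = accept(tfm, NULL, NULL);   /* one socket per cipher request */
    if (req >= 0) {
        struct cmsghdr *c = CMSG_FIRSTHDR(&msg);     /* control message 1: direction */
        c->cmsg_level = SOL_ALG; c->cmsg_type = ALG_SET_OP;
        c->cmsg_len = CMSG_LEN(sizeof(op));
        memcpy(CMSG_DATA(c), &op, sizeof(op));
        c = CMSG_NXTHDR(&msg, c);                    /* control message 2: IV */
        c->cmsg_level = SOL_ALG; c->cmsg_type = ALG_SET_IV;
        c->cmsg_len = CMSG_LEN(sizeof(struct af_alg_iv) + 16);
        struct af_alg_iv *aiv = (struct af_alg_iv *)CMSG_DATA(c);
        aiv->ivlen = 16;
        memcpy(aiv->iv, iv, 16);
        if (sendmsg(req, &msg, 0) == (ssize_t)len && read(req, out, len) == (ssize_t)len)
            rc = 0;
        close(req);
    }
    close(tfm);
    return rc;
}
```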