15 changes: 14 additions & 1 deletion .github/workflows/linuxkm.yml
Expand Up @@ -18,7 +18,8 @@ jobs:
matrix:
config: [
'EXTRA_CPPFLAGS=-Werror --enable-option-checking=fatal --enable-linuxkm --enable-linuxkm-lkcapi-register=all --enable-all --enable-kyber=yes,original --enable-lms --enable-xmss --enable-dilithium --enable-experimental --enable-dual-alg-certs --disable-qt --disable-quic --with-sys-crypto-policy=no --disable-testcert --enable-all-asm --enable-crypttests --enable-linuxkm-benchmarks CFLAGS="-Wframe-larger-than=2048 -Wstack-usage=4096 -DBENCH_EMBEDDED -DBENCH_MIN_RUNTIME_SEC=0.01 -DBENCH_NTIMES=1 -DBENCH_AGREETIMES=1" --with-max-rsa-bits=16384',
'EXTRA_CPPFLAGS=-Werror --enable-option-checking=fatal --enable-linuxkm --enable-linuxkm-pie --enable-reproducible-build --enable-linuxkm-lkcapi-register=all --enable-all-crypto --enable-cryptonly --enable-kyber=yes,original --enable-lms --enable-xmss --enable-dilithium --enable-experimental --disable-qt --disable-quic --with-sys-crypto-policy=no --disable-opensslextra --disable-testcert --enable-intelasm --disable-sp-asm --enable-crypttests --enable-linuxkm-benchmarks CFLAGS="-DWOLFSSL_LINUXKM_VERBOSE_DEBUG -DDEBUG_LINUXKM_PIE_SUPPORT -Wframe-larger-than=2048 -Wstack-usage=4096 -DBENCH_EMBEDDED -DBENCH_MIN_RUNTIME_SEC=0.01 -DBENCH_NTIMES=1 -DBENCH_AGREETIMES=1" --with-max-rsa-bits=16384'
'EXTRA_CPPFLAGS=-Werror --enable-option-checking=fatal --enable-linuxkm --enable-linuxkm-pie --enable-reproducible-build --enable-linuxkm-lkcapi-register=all --enable-all-crypto --enable-cryptonly --enable-kyber=yes,original --enable-lms --enable-xmss --enable-dilithium --enable-experimental --disable-qt --disable-quic --with-sys-crypto-policy=no --disable-opensslextra --disable-testcert --enable-intelasm --disable-sp-asm --enable-crypttests --enable-linuxkm-benchmarks CFLAGS="-DWOLFSSL_LINUXKM_VERBOSE_DEBUG -DDEBUG_LINUXKM_PIE_SUPPORT -Wframe-larger-than=2048 -Wstack-usage=4096 -DBENCH_EMBEDDED -DBENCH_MIN_RUNTIME_SEC=0.01 -DBENCH_NTIMES=1 -DBENCH_AGREETIMES=1" --with-max-rsa-bits=16384',
'EXTRA_CPPFLAGS=-Werror --enable-option-checking=fatal --enable-linuxkm --enable-tls13 --enable-dtls --enable-dtls13'
]
name: build module
if: github.repository_owner == 'wolfssl'
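Review bot: The new fourth matrix entry (`--enable-linuxkm --enable-tls13 --enable-dtls --enable-dtls13`) drops the `CFLAGS="-Wframe-larger-than=2048 -Wstack-usage=4096 ..."` setting that the other three entries carry, so the one config that exists to build the TLS 1.3 and DTLS 1.3 code into the module is not held to the same kernel stack budget. Consider adding those two warning flags to the new entry, and a short YAML comment above it saying it is the DTLS 1.3 export coverage config, since the long option strings are otherwise hard to tell apart.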
Expand Down Expand Up @@ -60,3 +61,15 @@ jobs:
make -j 4 KERNEL_EXTRA_CFLAGS_REMOVE=-pg FORCE_NO_MODULE_SIG=1 || $(exit 11)
ls -l linuxkm/libwolfssl.ko || $(exit 12)
echo "Successful linuxkm build."

- name: Verify DTLS 1.3 symbols are exported (when WOLFSSL_DTLS13 is configured)
run: |
if grep -q '^#define WOLFSSL_DTLS13' wolfssl/options.h; then
echo "WOLFSSL_DTLS13 defined; checking GPL exports in libwolfssl.ko..."
objdump -t linuxkm/libwolfssl.ko \
| grep -qE '__ksymtab_wolfDTLSv1_3_(client|server)_method$' \
|| { echo "::error::DTLS 1.3 entry points not exported from libwolfssl.ko"; exit 13; }
echo "DTLS 1.3 export check: PASS"
else
echo "WOLFSSL_DTLS13 not defined for this matrix entry; skipping symbol check."
fi
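Review bot: The pattern `__ksymtab_wolfDTLSv1_3_(client|server)_method$` in the objdump pipeline succeeds as soon as one of the two symbols is present, so a module that exports only the client method (or only the server method) still prints PASS, although the error text speaks of entry points in the plural. Save the `objdump -t` output once and run one `grep -q` per symbol, failing if either is missing. Separately, the `else` branch turns a missing `WOLFSSL_DTLS13` define into a silent skip; for the matrix entry that passes `--enable-dtls13`, that case should fail the job rather than skip, otherwise a configure regression that stops defining the macro leaves CI green.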
18 changes: 18 additions & 0 deletions linuxkm/README.md
Expand Up @@ -57,6 +57,24 @@ $ sudo modprobe libwolfssl
| `--enable-intelasm` | x86/amd64 crypto acceleration |
| `--enable-cryptonly` | Omit TLS/DTLS implementation (normally recommended) |

### Enabling DTLS 1.3 in the kernel module

`--enable-linuxkm` does not implicitly enable TLS 1.3 or DTLS, so the DTLS 1.3
configure check (`configure.ac:5634-5636`) requires all three flags to be
passed explicitly:

```sh
./configure --enable-linuxkm \
--enable-tls13 --enable-dtls --enable-dtls13 \
--with-linux-source=/lib/modules/$(uname -r)/build
make -j$(nproc) module
```

The resulting `linuxkm/libwolfssl.ko` exports the DTLS 1.3 entry points
(`wolfDTLSv1_3_client_method`, `wolfDTLSv1_3_server_method`, etc.) as GPL
kernel symbols, available to other in-kernel consumers via
`EXPORT_SYMBOL_GPL`.

### Additional configuration options for verification, performance evaluation, and troubleshooting

| option | description |
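Review bot: The reference `configure.ac:5634-5636` in the first paragraph of the new section will go stale the next time configure.ac is edited above those lines; describe the check by what it requires (`--enable-dtls13` depends on `--enable-tls13` and `--enable-dtls`) instead of by line number. The closing paragraph's "etc." also leaves the exported set undefined; either list the exported DTLS 1.3 symbols or tell the reader how to enumerate them from `linuxkm/libwolfssl.ko`.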