Oracle Solaris Security for Developers Guide

Packaging Kernel-Level Provider Modules

A third-party developer of a kernel-level cryptographic provider module completes the following process:

  1. Acquire a certificate from Sun Microsystems, Inc. Then, sign the kernel software module or device driver. See Adding Signatures to Providers.

  2. Ship the certificate with the package. The certificate should be placed in the /etc/crypto/certs directory.

  3. Add the kcfconf class into the CLASSES string of the pkginfo file. The following line should be added:

    CLASS=none kcfconf
  4. Create an input file kcf.conf in the etc/crypto directory. This file is used to add software and hardware plug-ins to the kernel configuration file.

    • If the provider is a kernel software module with cryptographic mechanisms, use the following syntax for the entry:


      Base name for the kernel software module


      Name of the cryptographic mechanism in the list

      The following entry is an example of a kernel software module:

    • If the provider is a device driver for cryptographic mechanisms, such as an accelerator card, then use the following syntax for the entry:


      Name of a device driver for a cryptographic device.

      The following entry is an example of a device driver: