Posts: 2,355 | Thanked: 5,249 times | Joined on Jan 2009 @ Barcelona
#11
Originally Posted by qole
So javispedro, can you explain how to get into this "non-enforcing mode"? Because I'm still stuck in the same place.
The main goal is to disable the aegis "seal" that prevents tampering from userspace with the Aegis enforcing settings. I mentioned userspace because nothing prevents a kernel module from tampering with the seal, and that is exactly what can be done: a module that removes the seal.

So, the steps should be:
  1. Put the kernel module binary and the modhash.py script into a directory accessible by root.
  2. Open a root shell, and then enter develsh.
    Code:
    # develsh
  3. Calculate the hash of the unseal.ko module using the modhash.py script. It will also try to add it to the Aegis whitelist.
    Code:
    # python modhash.py unseal.ko 
    2ff9c8645c953d97bbd31b4b36fe401b3932a038
    (You do not need to do anything with the hash; it should all be done automatically)
  4. Load the module!
    Code:
    # insmod unseal.ko
  5. Check the results
    Code:
    # dmesg -c
    ...
    [  416.146728] unseal: valinfo.seal=0
  6. Now that Aegis configuration is no longer sealed, disable it!
    Code:
    # echo 0 > /sys/kernel/security/validator/enforce

In non-enforcing mode, Aegis will print all of the "security warnings" it prints on dmesg as usual, but it will not actually reject binaries.

Some things to note:
  • Note that you need to repeat all of the steps every time you reboot.
  • Do not blame me if you trigger Aegis self-destruction doing this (you will need to reflash)
  • Do not use this kernel module in anything other than the current N950 image
  • The modhash.py script can be used to hash any other kernel module you would wish to load.
  • This can be disabled at any moment by a future firmware, so I suggest not making a fuss about it. I suggest using it for developer convenience only for the time being. It is not a hack -- in fact, it will only work when developer mode and develsh are available and contain the many required privileges.

Last edited by javispedro; 2011-09-20 at 23:04. Reason: removing unneeded stuff
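Since the post itself says the change does not survive a reboot, a quick way to tell which state a device is currently in is to read the two signals the steps above expose: the value of the enforce file and the "unseal: valinfo.seal=0" line in dmesg. The script below is an added example (not javispedro's code or part of the unseal module); the sysfs path and the dmesg line come from the post, while the function names and the sample log are assumptions constructed for the demo.

```shell
#!/bin/sh
# Added example: audit an N950's Aegis validator state.
# Signals used (both taken from the post):
#   - /sys/kernel/security/validator/enforce reads 0  -> non-enforcing
#   - dmesg contains "unseal: valinfo.seal=0"         -> seal removed
# Function names and the sample log below are constructed for this demo.

ENFORCE_FILE="${ENFORCE_FILE:-/sys/kernel/security/validator/enforce}"

# aegis_state <enforce_value> <dmesg_text>
# Classifies the combination of the two signals:
#   enforcing      - enforce=1 and no unseal line seen
#   unsealed       - seal removed but enforce still 1 (step 5 done, step 6 not)
#   non-enforcing  - enforce=0 (binaries are no longer rejected)
aegis_state() {
    enforce="$1"
    log="$2"
    unsealed=0
    if printf '%s\n' "$log" | grep -q 'unseal: valinfo.seal=0'; then
        unsealed=1
    fi
    if [ "$enforce" = "0" ]; then
        echo "non-enforcing"
    elif [ "$unsealed" = "1" ]; then
        echo "unsealed"
    else
        echo "enforcing"
    fi
}

# aegis_audit: read the live values on a device; prints "unknown" when the
# validator sysfs file is not readable (e.g. not run as root, or not an N950).
aegis_audit() {
    if [ -r "$ENFORCE_FILE" ]; then
        value=$(cat "$ENFORCE_FILE")
    else
        echo "unknown"
        return 0
    fi
    aegis_state "$value" "$(dmesg 2>/dev/null)"
}

# Constructed sample dmesg output, matching the line shown in step 5.
SAMPLE_LOG='[  416.146728] unseal: valinfo.seal=0'
```

Run `aegis_audit` from develsh to see the live state; `aegis_state` can be fed saved dmesg output to classify a log after the fact.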