David Howells writes:
> Rusty Russell wrote:
>> And after those three fixes, I still get all fail:
>> [ 3.361036] Request for unknown module key 'Magrathea: Glacier
signing key: 6
>> e03943da0f3b015ba6ed7f5e0cac4fe48680994' err -11
> Can you look back further in your kernel output, see if you can spot the
> where it's trying to load the keys. Look for things from
> pr_notice("Loading module verification certificates\n");
> pr_err("MODSIGN: Problem loading in-kernel X.509 certificate (%ld)\n",
> pr_notice("MODSIGN: Loaded cert '%s'\n",
> Hmmm... I suspect it's that. We need a hash to verify the key's own
> signature too - and if you're using the key my autogen patch created for
> I think that would be SHA1, so that must be built in too.
Right, I chose SHA-512 because everyone knows it's 512 times more secure
I cherry-picked those two patches, and now I see:
[ 2.808075] Loading module verification certificates
[ 2.809331] X.509: Cert 6e03943da0f3b015ba6ed7f5e0cac4fe48680994 has
[ 2.810500] MODSIGN: Problem loading in-kernel X.509 certificate (-127)
I noticed the Cert number didn't change with rebuilds: "distclean"
didn't remove some files:
$ git clean -f -f -x -d
Removing them didn't fix it either, but at least I got a new certificate.
This is x86-32 BTW. I've put the complete, built tree (minus .git dir)
up at http://ozlabs.org/~rusty/linux-for-dhowells.tar.xz
Here's how I run it:
kvm -nographic -m 256 -net user,restrict=off -net nic,model=virtio -drive
file=$QEMUIMAGEB,index=1,media=disk,if=virtio -kernel arch/x86/boot/bzImage
-append "ro root=/dev/vda1 console=ttyS0 $*"
To unsubscribe from this list: send the line "unsubscribe
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html