Re: [PATCH 0/5] MODSIGN: Use PKCS#7 for module signatures

[Mimi Zohar]

On Mon, 2014-11-24 at 16:13 +0000, David Howells wrote: 
> David Howells <dhowells@xxxxxxxxxx> wrote:
> 
> > > Actually after cleaning the tree and re-signing the modules, I get following
> > > 
> > > Unrecognized character \x7F; marked by <-- HERE after <-- HERE near
> > > column 1 at ./scripts/sign-file line 1.
> > > make[1]: *** [arch/x86/crypto/aes-x86_64.ko] Error 255
> > 
> > warthog>grep -r sign-file Makefile 
> > mod_sign_cmd = perl $(srctree)/scripts/sign-file $(CONFIG_MODULE_SIG_HASH) $(MODSECKEY) $(MODPUBKEY)
> > 
> > Because of that.  I need to remove the 'perl' bit.
> 
> It's a little more involved than that.  The X.509 cert being passed to the
> program is binary, whereas the one I've been testing with is PEM encoded - and
> libssl has separate routines that don't work out for themselves which encoding
> is in force.  Proposed changes below.

With this patch, I'm now able to install and boot the new kernel and
modules.

Mimi

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/