Re: [PATCH 3.18 00/39] 3.18.7-stable review
From: Sedat Dilek
Date: Mon Feb 09 2015 - 11:03:04 EST
On Mon, Feb 9, 2015 at 4:58 PM, Sedat Dilek <sedat.dilek@xxxxxxxxx> wrote:
> On Mon, Feb 9, 2015 at 4:44 PM, Greg Kroah-Hartman
> <gregkh@xxxxxxxxxxxxxxxxxxx> wrote:
>> On Mon, Feb 09, 2015 at 04:35:53PM +0100, Sedat Dilek wrote:
>>> Hi Greg,
>>>
>>> nice to see the kbuild and trace patches I was involved are in this series.
>>>
>>> Unfortunately, I see the following in my logs...
>>>
>>> [ 2.117022] Request for unknown module key 'Magrathea: Glacier
>>> signing key: 009aa341bb673735a51dc34b238a0ca481d68098' err -11
>>> [ 2.117114] mii: module verification failed: signature and/or
>>> required key missing - tainting kernel
>>>
>>> Not sure whom to CC.
>>> I CCed Jeff as he worked on MII.
>>> Signing key ---> Dave Howells?
>>>
>>> Attached are my kernel-config and dmesg output.
>>>
>>> Hope this helps.
>>>
>>> BTW, with v3.18.6 I haven't seen such output.
>>
>> Any way you could take the patches at
>> https://git.kernel.org/cgit/linux/kernel/git/stable/stable-queue.git/
>> in the queue-3.18 directory and bisect them to see which patch causes
>> the problem? I don't see any obvious patch in this series that would be
>> the issue.
>>
>
> [ CC Dave Howells ]
>
> Unfortunately, I make-distclean-ed my build-dir.
>
> Is simply the sign-key missing?
>
>> mii: module verification failed: signature and/or required key missing <
>
To name it's called "x509.genkey".
>From [1]:
[ QUOTE ]
Most notably, in the x509.genkey file, the req_distinguished_name section
should be altered from the default:
[ req_distinguished_name ]
O = Magrathea
CN = Glacier signing key
emailAddress = slartibartfast@xxxxxxxxxxxxxx
[ /QUOTE ]
- Sedat -
[1] http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/Documentation/module-signing.txt#n118
> Documentation/module-signing.txt lists Magrathea, so I CCed Dave.
> Let's see what he says before doing a git-bisect session.
>
> I wanted to trough out the complete module-signing kernel-options for
> a long time.
> For test kernels it is simply not needed here.
>
> Sorry, for resending my files - build-log is attached as a new file.
>
> Hope this helps.
>
> BTW, why is there no MII maintainer listed in MAINTAINERS?
>
> ( No clue what MII has to do with module-signing, can someone explain? )
>
> - Sedat -
>
> P.S.: Check the logs for mii and x509 patterns.
>
> $ egrep 'mii|x509' build-log_3.18.7-rc1-1-iniza-small.txt
> ASN.1 crypto/asymmetric_keys/x509-asn1.c
> ASN.1 crypto/asymmetric_keys/x509_rsakey-asn1.c
> CC crypto/asymmetric_keys/x509_public_key.o
> CC crypto/asymmetric_keys/x509-asn1.o
> CC crypto/asymmetric_keys/x509_rsakey-asn1.o
> CC crypto/asymmetric_keys/x509_cert_parser.o
> LD crypto/asymmetric_keys/x509_key_parser.o
> -batch -x509 -config x509.genkey \
> -outform DER -out signing_key.x509 \
> CERTS kernel/x509_certificate_list
> - Including cert ./signing_key.x509
> CC [M] drivers/net/mii.o
> CC drivers/net/mii.mod.o
> LD [M] drivers/net/mii.ko
> INSTALL drivers/net/mii.ko
>
> - EOT -
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/