Re: [PATCH 1/1] x509: only prefix strip raw serial numbers
From: Andy Whitcroft
Date: Wed Sep 16 2015 - 06:57:59 EST
On Tue, Sep 15, 2015 at 10:59:43AM +0100, David Howells wrote:
> Andy Whitcroft <apw@xxxxxxxxxxxxx> wrote:
>
> > This leads us to truncate the id for kernel module signing keys and to
> > fail to recognise our own modules:
> >
> > [ 1.572423] Loaded X.509 cert 'Build time autogenerated kernel
> > key: 62a7c3d2da278be024da4af8652c071f3fea33'
> > [ 1.646153] Request for unknown module key 'Build time autogenerated
> > kernel key: 0062a7c3d2da278be024da4af8652c071f3fea33' err -11
>
> I don't suppose you've saved the key and a random small module that I can have
> a play with?
Sorry no, the key was an ephemeral key in those builds. I did run a few
key builds to generate a new key with 0's to confirm this was possible.
> What version of the kernel are you using, btw?
Ahh yes, this was against a v4.2 final, I see that sign-file is all
changing to use openssl, so I will go confirm that this is not different
as a result.
-apw
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/