On Tue, 2019-02-12 at 10:02 -0800, James Prestwood wrote:
>
> Ok, so one of the issue was that my kernel has only builtin modules,
> and the filesystem with /lib/firmware was not mounted until after
> kernel boot. I built in both regulatory.db and regulatory.db.p7s into
> the kernel and now I see it actually tried to load them. Unfortunately
> its getting missing/invalid signature:
>
> [0.377072] cfg80211: Loading compiled-in X.509 certificates for
> regulatory database
> [ 0.378458] cfg80211: Loaded X.509 cert 'sforshee:
> 00b28ddf47aef9cea7'
> [ 0.379777] PKCS#7 signature not signed with a trusted key
> [ 0.380524] cfg80211: loaded regulatory.db is malformed or signature
> is missing/invalid
>
> This is a test machine, so I really don't care about ensuring my
> regulatory.db is signed. I tried disabling this with
> CONFIG_CFG80211_REQUIRE_SIGNED_REGDB=n but when I rebuild this option
> gets overwritten and it changes back to being enabled. There must be a
> conflicting option.
It depends on CFG80211_CERTIFICATION_ONUS=y.
> Optimally it would be nice to just disable this verification
> completely, but if that's not possible I assume I need to add the key
> that signed the regulatory.db into the kernel? If so can that also be
> built into the kernel?
Seth's key is there ("Loaded X.509 cert: 'sforshee: ...'"), so not sure
why you're getting a verification failure if you built both the db and
the signature file into the kernel ... hmm.
You didn't build those yourself, did you?
johannes
_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap
