On Tue, Sep 15, 2015 at 10:59:43AM +0100, David Howells wrote: > Andy Whitcroft <apw@xxxxxxxxxxxxx> wrote: > > > This leads us to truncate the id for kernel module signing keys and to > > fail to recognise our own modules: > > > > [ 1.572423] Loaded X.509 cert 'Build time autogenerated kernel > > key: 62a7c3d2da278be024da4af8652c071f3fea33' > > [ 1.646153] Request for unknown module key 'Build time autogenerated > > kernel key: 0062a7c3d2da278be024da4af8652c071f3fea33' err -11 > > I don't suppose you've saved the key and a random small module that I can have > a play with? Sorry no, the key was an ephemeral key in those builds. I did run a few key builds to generate a new key with 0's to confirm this was possible. > What version of the kernel are you using, btw? Ahh yes, this was against a v4.2 final, I see that sign-file is all changing to use openssl, so I will go confirm that this is not different as a result. -apw -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html