Re: [PATCH 1/1] x509: only prefix strip raw serial numbers

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Sep 15, 2015 at 10:59:43AM +0100, David Howells wrote:
> Andy Whitcroft <apw@xxxxxxxxxxxxx> wrote:
> 
> > This leads us to truncate the id for kernel module signing keys and to
> > fail to recognise our own modules:
> > 
> >   [    1.572423] Loaded X.509 cert 'Build time autogenerated kernel
> >     key: 62a7c3d2da278be024da4af8652c071f3fea33'
> >   [    1.646153] Request for unknown module key 'Build time autogenerated
> >     kernel key: 0062a7c3d2da278be024da4af8652c071f3fea33' err -11
> 
> I don't suppose you've saved the key and a random small module that I can have
> a play with?

Sorry no, the key was an ephemeral key in those builds.  I did run a few
key builds to generate a new key with 0's to confirm this was possible.

> What version of the kernel are you using, btw?

Ahh yes, this was against a v4.2 final, I see that sign-file is all
changing to use openssl, so I will go confirm that this is not different
as a result.

-apw
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux