David Howells wrote: > > Problem loading in-kernel X.509 certificate (-2) > > ENOENT? Hmmm... The only place that is generated is in the crypto layer. > That suggests missing crypto of some sort. > > The attached patch enables some debugging in some relevant files if you can > try applying it to your kernel. Alrighty, presumably relevant bits: X.509: Cert Issuer: Build time autogenerated kernel key X.509: Cert Subject: Build time autogenerated kernel key X.509: Cert Key Algo: rsa X.509: Cert Valid period: 1461826791-4615426791 X.509: Cert Signature: rsa + sha512 X.509: ==>x509_check_signature() X.509: ==>x509_get_sig_params() X.509: <==x509_get_sig_params() = 0 PKEY: ==>public_key_verify_signature() X.509: Cert Verification: -2 Problem loading in-kernel X.509 certificate (-2) ... PKCS7: ==> pkcs7_verify() PKCS7: ==> pkcs7_verify_one(,1) PKCS7: ==> pkcs7_digest(,1,sha512) PKCS7: MsgDigest = [0b f2 1f 7e f0 37 12 e6] PKCS7: <== pkcs7_digest() = 0 PKCS7: ==> pkcs7_find_key(1) PKCS7: Sig 1: Issuing X.509 cert not found (#008a32081403f1709a312c302a06035504030c234275696c642074696d65206175746f67656e657261746564206b65726e656c206b6579) PKCS7: <== pkcs7_verify() = 0 X.509: Look up: "ex:008a32081403f1709a312c302a06035504030c234275696c642074696d65206175746f67656e657261746564206b65726e656c206b6579" X.509: Request for key 'ex:008a32081403f1709a312c302a06035504030c234275696c642074696d65206175746f67656e657261746564206b65726e656c206b6579' err -11 PKCS7: ==> pkcs7_verify() PKCS7: ==> pkcs7_verify_one(,1) PKCS7: ==> pkcs7_digest(,1,sha512) PKCS7: MsgDigest = [5b b5 bb 52 28 05 ba 55] PKCS7: <== pkcs7_digest() = 0 PKCS7: ==> pkcs7_find_key(1) PKCS7: Sig 1: Issuing X.509 cert not found (#008a32081403f1709a312c302a06035504030c234275696c642074696d65206175746f67656e657261746564206b65726e656c206b6579) PKCS7: <== pkcs7_verify() = 0 X.509: Look up: "ex:008a32081403f1709a312c302a06035504030c234275696c642074696d65206175746f67656e657261746564206b65726e656c206b6579" X.509: Request for key 'ex:008a32081403f1709a312c302a06035504030c234275696c642074696d65206175746f67656e657261746564206b65726e656c206b6579' err -11 PKCS7: ==> pkcs7_verify() PKCS7: ==> pkcs7_verify_one(,1) PKCS7: ==> pkcs7_digest(,1,sha512) PKCS7: MsgDigest = [94 a4 59 31 7f a9 d0 3a] PKCS7: <== pkcs7_digest() = 0 PKCS7: ==> pkcs7_find_key(1) PKCS7: Sig 1: Issuing X.509 cert not found (#008a32081403f1709a312c302a06035504030c234275696c642074696d65206175746f67656e657261746564206b65726e656c206b6579) PKCS7: <== pkcs7_verify() = 0 X.509: Look up: "ex:008a32081403f1709a312c302a06035504030c234275696c642074696d65206175746f67656e657261746564206b65726e656c206b6579" X.509: Request for key 'ex:008a32081403f1709a312c302a06035504030c234275696c642074696d65206175746f67656e657261746564206b65726e656c206b6579' err -11 full dmesg at http://audible.transient.net/~jamie/k/modsign.dmesg-debugging -- Jamie Heilman http://audible.transient.net/~jamie/ -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html