Am Dienstag, 9. August 2016, 14:39:03 CEST schrieb Tapas Sarangi: Hi Tapas, David, > Hi Stephan, > > If I understand this correctly, this (CONFIG_MODULE_SIG_HASH=“sha256") > tells about the key size used. > I am using “sha256”. Initially, I was using “sha512” which I thought could > be causing problem, but I am getting same error when change it to > “sha256”. > > [root@localhost ~]# grep MODULE_SIG /boot/config-4.7.0-1.tos2_5 > > CONFIG_MODULE_SIG=y > # CONFIG_MODULE_SIG_FORCE is not set > CONFIG_MODULE_SIG_ALL=y > # CONFIG_MODULE_SIG_SHA1 is not set > # CONFIG_MODULE_SIG_SHA224 is not set > CONFIG_MODULE_SIG_SHA256=y > # CONFIG_MODULE_SIG_SHA384 is not set > # CONFIG_MODULE_SIG_SHA512 is not set > CONFIG_MODULE_SIG_HASH="sha256" > CONFIG_MODULE_SIG_KEY="certs/signing_key.pem" It is rather the question how signing_key.pem is generated. Do you have the file certs/x509.genkey? If yes, what is the default_bits value? David, the x509.genkey file seems to generate a 4k RSA key per default. This will cause a panic with fips=1 as only 2k and 3k keys are allowed. Ciao Stephan -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html