Re: CAAM and IMA/EVM : caam_rsa_enc: DECO: desc idx 7: Protocol Size Error

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Martin,

On Tue, Apr 10, 2018 at 2:06 PM, Martin Townsend
<mtownsend1973@xxxxxxxxx> wrote:
> Hi Fabio,
>
> On Tue, Apr 10, 2018 at 5:59 PM, Fabio Estevam <festevam@xxxxxxxxx> wrote:
>> Hi Martin,
>>
>> On Mon, Apr 9, 2018 at 5:41 AM, Martin Townsend <mtownsend1973@xxxxxxxxx> wrote:
>>> Hi,
>>>
>>> I'm trying to get to the bottom of an issue I'm seeing when enabling
>>> the CAAM in the kernel with IMA/EVM enabled.  I'm using the official
>>> NXP (imx_4.9.11_1.0.0_ga) vendor Kernel.
>>
>> Does it work better if you try mainline kernel instead?
>
> I had a few issues getting mainline working, the board kept resetting,

Let's try to fix this reset problem then :-)

> when I checked there are lots of patches in the NXP kernel not in
> mainline.   This CAAM problem does occur really early in the boot so
> just for an experiment its worth a try.

Ok, I just applied this patch that adds CAAM for mx6ull against linux-next:

http://code.bulix.org/rjkzt5-317022

and I see the following issue with cfg80211 certificate, but I do not
get a reset as you reported:

[    2.999416] caam_jr 2142000.jr1: 40000789: DECO: desc idx 7:
Protocol Size Error - A protocol has seen an error in size. When
running RSA, pdb size N < (size of F) when no formatting is used; or
pdb si
ze N < (F + 11) when formatting is used.
[    3.022168] ------------[ cut here ]------------
[    3.027247] WARNING: CPU: 0 PID: 1 at
crypto/asymmetric_keys/public_key.c:148
public_key_verify_signature+0x27c/0x2b0
[    3.038075] Modules linked in:
[    3.041226] CPU: 0 PID: 1 Comm: swapper/0 Not tainted
4.16.0-next-20180410-00002-gf0ccf31-dirty #223
[    3.050413] Hardware name: Freescale i.MX6 Ultralite (Device Tree)
[    3.056643] Backtrace:
[    3.059173] [<c010d118>] (dump_backtrace) from [<c010d3d8>]
(show_stack+0x18/0x1c)
[    3.066802]  r7:00000000 r6:60000153 r5:00000000 r4:c107ae78
[    3.072523] [<c010d3c0>] (show_stack) from [<c0a50d24>]
(dump_stack+0xb4/0xe8)
[    3.079810] [<c0a50c70>] (dump_stack) from [<c012618c>] (__warn+0x104/0x130)
[    3.086922]  r9:d604dc94 r8:00000094 r7:00000009 r6:c0d3aea8
r5:00000000 r4:00000000
[    3.094728] [<c0126088>] (__warn) from [<c01262d0>]
(warn_slowpath_null+0x44/0x50)
[    3.102356]  r8:c1008908 r7:d67846c0 r6:c040bbc4 r5:00000094 r4:c0d3aea8
[    3.109120] [<c012628c>] (warn_slowpath_null) from [<c040bbc4>]
(public_key_verify_signature+0x27c/0x2b0)
[    3.118745]  r6:40000789 r5:d6782f00 r4:d6787f40
[    3.123428] [<c040b948>] (public_key_verify_signature) from
[<c040cbd4>] (x509_check_for_self_signed+0xc8/0x104)
[    3.133664]  r10:d602f000 r9:c0bcb1d0 r8:000002a8 r7:d6787f00
r6:d6787f40 r5:00000000
[    3.141543]  r4:d6782d80
[    3.144140] [<c040cb0c>] (x509_check_for_self_signed) from
[<c040bdd0>] (x509_cert_parse+0x11c/0x190)
[    3.153415]  r7:c0bcb1d0 r6:d6787f80 r5:d6782d80 r4:d6787f00
[    3.159138] [<c040bcb4>] (x509_cert_parse) from [<c040c860>]
(x509_key_preparse+0x1c/0x194)
[    3.167550]  r9:c0bcb1d0 r8:c10235dc r7:d604de30 r6:c1026a84
r5:d604de30 r4:c1026af0
[    3.175357] [<c040c844>] (x509_key_preparse) from [<c040adbc>]
(asymmetric_key_preparse+0x50/0x80)
[    3.184376]  r9:c0bcb1d0 r8:c10235dc r7:d604de30 r6:c1026a84
r5:c1008908 r4:c1026af0
[    3.192187] [<c040ad6c>] (asymmetric_key_preparse) from
[<c03e40b4>] (key_create_or_update+0x138/0x404)
[    3.201638]  r7:d6495601 r6:d6495600 r5:c1008908 r4:c1026a8c
[    3.207366] [<c03e3f7c>] (key_create_or_update) from [<c0f5a9c4>]
(regulatory_init_db+0xf4/0x1e8)
[    3.216303]  r10:0000000e r9:1f030000 r8:c0d1d144 r7:c17f1e7c
r6:c0bcb478 r5:000002a8
[    3.224180]  r4:c0bcb1d0
[    3.226780] [<c0f5a8d0>] (regulatory_init_db) from [<c0102764>]
(do_one_initcall+0x50/0x1a4)
[    3.235278]  r10:c0f00630 r9:c0f64858 r8:c107cb00 r7:00000000
r6:c0f5a8d0 r5:c1008908
[    3.243155]  r4:ffffe000
[    3.245753] [<c0102714>] (do_one_initcall) from [<c0f00f04>]
(kernel_init_freeable+0x118/0x1d8)
[    3.254512]  r9:c0f64858 r8:000000f4 r7:c0e1ec98 r6:c0f64854
r5:c107cb00 r4:c0f78f70
[    3.262324] [<c0f00dec>] (kernel_init_freeable) from [<c0a665b8>]
(kernel_init+0x10/0x118)
[    3.270650]  r10:00000000 r9:00000000 r8:00000000 r7:00000000
r6:00000000 r5:c0a665a8
[    3.278527]  r4:00000000
[    3.281127] [<c0a665a8>] (kernel_init) from [<c01010b4>]
(ret_from_fork+0x14/0x20)
[    3.288749] Exception stack(0xd604dfb0 to 0xd604dff8)
[    3.293859] dfa0:                                     00000000
00000000 00000000 00000000
[    3.302098] dfc0: 00000000 00000000 00000000 00000000 00000000
00000000 00000000 00000000
[    3.310329] dfe0: 00000000 00000000 00000000 00000000 00000013 00000000
[    3.316993]  r5:c0a665a8 r4:00000000
[    3.320825] irq event stamp: 186525
[    3.324504] hardirqs last  enabled at (186543): [<c01803b8>]
console_unlock+0x4d4/0x5c8
[    3.332584] hardirqs last disabled at (186550): [<c017ffac>]
console_unlock+0xc8/0x5c8
[    3.340664] softirqs last  enabled at (186566): [<c01023a0>]
__do_softirq+0x1f8/0x2a0
[    3.348665] softirqs last disabled at (186577): [<c012bffc>]
irq_exit+0x14c/0x1a8
[    3.356307] ---[ end trace abf8fdf803902ee1 ]---
[    3.361030] cfg80211: Problem loading in-kernel X.509 certificate (-22)
[    3.370633] platform regulatory.0: Direct firmware load for
regulatory.db failed with error -2
[    3.379780] cfg80211: failed to load regulatory.db
[    3.385260] VSD_3V3: disabling
[    3.388632] ALSA device list:
[    3.391662]   #0: mx6ul-wm8960
[    3.536866] EXT4-fs (mmcblk1p2): recovery complete
[    3.545725] EXT4-fs (mmcblk1p2): mounted filesystem with ordered
data mode. Opts: (null)
[    3.554300] VFS: Mounted root (ext4 filesystem) on device 179:2.
[    3.587857] devtmpfs: mounted
[    3.600044] Freeing unused kernel memory: 1024K
[    3.775667] EXT4-fs (mmcblk1p2): re-mounted. Opts: (null)
Starting logging: OK
Initializing random number generator... done.
Starting network: OK

Welcome to Buildroot

It would be nice to fix this cfg80211 certificate issue though. My
colleague Breno has observed this same issue on a imx7.

Thanks



[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux