Hi Mimi, On Wed, Mar 27, 2019 at 03:36:04PM -0400, Mimi Zohar wrote: > On Fri, 2019-03-22 at 14:27 +0800, Lee, Chun-Yi wrote: > > We found that the db in Acer machine has self signed certificates > > (CN=DisablePW or CN=ABO) that they used obsolete OID 1.3.14.3.2.29 > > sha1WithRSASignature and 2.5.29.1 subjectKeyIdentifier. Kernel > > emits -65 error code when loading those certificates to platform > > keyring: > > > > [ 1.484388] integrity: Loading X.509 certificate: UEFI:MokListRT > > [ 1.485557] integrity: Problem loading X.509 certificate -65 > > [ 1.486100] Error adding keys to platform keyring UEFI:MokListRT > > > > Because the -65 error code is not enough for appeasing user when > > loading a outdated certificate. This patch add messages against > > 1.3.14.3.2.29 and 2.5.29.1 OIDs. > > > > Link: https://bugzilla.opensuse.org/show_bug.cgi?id=1129471 > > Cc: David Howells <dhowells@xxxxxxxxxx> > > Cc: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> > > Cc: "David S. Miller" <davem@xxxxxxxxxxxxx> > > Signed-off-by: "Lee, Chun-Yi" <jlee@xxxxxxxx> > > Reviewed-by: Mimi Zohar <zohar@xxxxxxxxxxxxx> Thanks for your review! Joey Lee
