Re: IMA signature generated by evmctl has unexpected key identifier

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 5/14/19 2:38 PM, Mimi Zohar wrote:

>> Keyring
>> 1054868458 ---lswrv      0     0  keyring: .ima
>> 740136756 --als--v 0 0 \_ asymmetric: hostname: whoami signing 
>> key: 85512d09fc12c7f38b9679352651dcb365903336


I should have asked you to make sure that the last 8 bytes of "X509v3
Subject Key Identifier" in the certificate used to sign the kernel
image is the same as above.

Mimi



Yes - the Subject Key Identifier matches the output from keyctl.

Please see below:

X509v3 Subject Key Identifier:
                85:51:2D:09:FC:12:C7:F3:8B:96:79:35:26:51:DC:B3:65:90:33:36

thanks,
 -lakshmi
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux Kernel]     [Linux Kernel Hardening]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux SCSI]

  Powered by Linux