On Tue, 2019-05-21 at 10:48 -0700, Lakshmi wrote: > On 5/14/19 3:07 PM, Lakshmi wrote: > >> > >> I should have asked you to make sure that the last 8 bytes of "X509v3 > >> Subject Key Identifier" in the certificate used to sign the kernel > >> image is the same as above. > >> > >> Mimi > >> > > > > Yes - the Subject Key Identifier matches the output from keyctl. > > > > Please see below: > > > > X509v3 Subject Key Identifier: > > > > 85:51:2D:09:FC:12:C7:F3:8B:96:79:35:26:51:DC:B3:65:90:33:36 > > Please let me know if you need more information\logs on this issue. Have you tried using "evmctl ima_verify" to verify the signature after signing the file? Perhaps it's something with the key. If you haven't already used the scripts for generating the keys in the ima-evm-utils examples/ directory, you might try that. I just pushed out the ima-evm-utils master branch. See if the new "master" branch works. Mimi
