lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CA+icZUWXT8rkOyV+-Nc4MpjEPx1yO5j5j1Msemh3WtVtgf+EfQ@mail.gmail.com>
Date:	Mon, 9 Feb 2015 17:02:57 +0100
From:	Sedat Dilek <sedat.dilek@...il.com>
To:	Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc:	LKML <linux-kernel@...r.kernel.org>,
	Jeff Kirsher <jeffrey.t.kirsher@...el.com>,
	David Howells <dhowells@...hat.com>
Subject: Re: [PATCH 3.18 00/39] 3.18.7-stable review

On Mon, Feb 9, 2015 at 4:58 PM, Sedat Dilek <sedat.dilek@...il.com> wrote:
> On Mon, Feb 9, 2015 at 4:44 PM, Greg Kroah-Hartman
> <gregkh@...uxfoundation.org> wrote:
>> On Mon, Feb 09, 2015 at 04:35:53PM +0100, Sedat Dilek wrote:
>>> Hi Greg,
>>>
>>> nice to see the kbuild and trace patches I was involved are in this series.
>>>
>>> Unfortunately, I see the following in my logs...
>>>
>>> [    2.117022] Request for unknown module key 'Magrathea: Glacier
>>> signing key: 009aa341bb673735a51dc34b238a0ca481d68098' err -11
>>> [    2.117114] mii: module verification failed: signature and/or
>>> required key missing - tainting kernel
>>>
>>> Not sure whom to CC.
>>> I CCed Jeff as he worked on MII.
>>> Signing key ---> Dave Howells?
>>>
>>> Attached are my kernel-config and dmesg output.
>>>
>>> Hope this helps.
>>>
>>> BTW, with v3.18.6 I haven't seen such output.
>>
>> Any way you could take the patches at
>> https://git.kernel.org/cgit/linux/kernel/git/stable/stable-queue.git/
>> in the queue-3.18 directory and bisect them to see which patch causes
>> the problem?  I don't see any obvious patch in this series that would be
>> the issue.
>>
>
> [ CC Dave Howells ]
>
> Unfortunately, I make-distclean-ed my build-dir.
>
> Is simply the sign-key missing?
>
>> mii: module verification failed: signature and/or  required key missing <
>

To name it's called "x509.genkey".

>From [1]:

[ QUOTE ]

Most notably, in the x509.genkey file, the req_distinguished_name section
should be altered from the default:

[ req_distinguished_name ]
O = Magrathea
CN = Glacier signing key
emailAddress = slartibartfast@...rathea.h2g2

[ /QUOTE ]

- Sedat -

[1] http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/Documentation/module-signing.txt#n118


> Documentation/module-signing.txt lists Magrathea, so I CCed Dave.
> Let's see what he says before doing a git-bisect session.
>
> I wanted to trough out the complete module-signing kernel-options for
> a long time.
> For test kernels it is simply not needed here.
>
> Sorry, for resending my files - build-log is attached as a new file.
>
> Hope this helps.
>
> BTW, why is there no MII maintainer listed in MAINTAINERS?
>
> ( No clue what MII has to do with module-signing, can someone explain? )
>
> - Sedat -
>
> P.S.: Check the logs for mii and x509 patterns.
>
> $ egrep 'mii|x509' build-log_3.18.7-rc1-1-iniza-small.txt
>   ASN.1   crypto/asymmetric_keys/x509-asn1.c
>   ASN.1   crypto/asymmetric_keys/x509_rsakey-asn1.c
>   CC      crypto/asymmetric_keys/x509_public_key.o
>   CC      crypto/asymmetric_keys/x509-asn1.o
>   CC      crypto/asymmetric_keys/x509_rsakey-asn1.o
>   CC      crypto/asymmetric_keys/x509_cert_parser.o
>   LD      crypto/asymmetric_keys/x509_key_parser.o
>                 -batch -x509 -config x509.genkey \
>                 -outform DER -out signing_key.x509 \
>   CERTS   kernel/x509_certificate_list
>   - Including cert ./signing_key.x509
>   CC [M]  drivers/net/mii.o
>   CC      drivers/net/mii.mod.o
>   LD [M]  drivers/net/mii.ko
>   INSTALL drivers/net/mii.ko
>
> - EOT -
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ