lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <3f48aab2-7d8e-ee9b-c362-3b7f84609abe@molgen.mpg.de>
Date:   Fri, 4 Oct 2019 14:24:51 +0200
From:   Paul Menzel <pmenzel@...gen.mpg.de>
To:     Josh Boyer <jwboyer@...oraproject.org>
Cc:     linux-security-module@...r.kernel.org,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: load_uefi_certs: Couldn't get size: 0x800000000000000e

Dear Josh,


On a Dell Latitude E7250 with a self-built Linux 5.4-rc1 the error message
below is printed on the screen.

    [    0.658664] Couldn't get size: 0x800000000000000e

Here are the message from the ring buffer (`dmesg`).

```
[    0.658329] calling  load_uefi_certs+0x0/0x217 @ 1
[    0.658472] integrity: Loading X.509 certificate: UEFI:db
[    0.658544] integrity: Loaded X.509 cert 'Microsoft Windows Production PCA 2011: a92902398e16c49778cd90f99e4f9ae17c55af53'
[    0.658545] integrity: Loading X.509 certificate: UEFI:db
[    0.658606] integrity: Loaded X.509 cert 'Microsoft Corporation UEFI CA 2011: 13adbf4309bd82709c8cd54f316ed522988a1bd4'
[    0.658664] Couldn't get size: 0x800000000000000e
[    0.658689] Couldn't get UEFI MokListRT
[    0.658768] initcall load_uefi_certs+0x0/0x217 returned 0 after 426 usecs
```

Could this error message be improved, to give the user a hint, what is wrong,
what the consequences are, and what should be done?

Should the message below be `pr_error`, and the other error debug?

    pr_info("Couldn't get UEFI MokListRT\n");

Please find the Linux messages and (`make savedefconfig`) configuration
attached.

Do you know more about the reason, and if the Linux code can handle it more
gracefully?

Commit 15ea0e1e (efi: Import certificates from UEFI Secure Boot) was already
added in Linux 5.0, and I do not remember seeing it with Debian’s default
Linux kernel. No idea, what is configured differently, or I just missed it.


Kind regards,

Paul

View attachment "linux-5.4-rc1-defconfig.txt" of type "text/plain" (13265 bytes)

View attachment "dell-latitude-e7250-linux-5.4-rc1-messages.txt" of type "text/plain" (158470 bytes)

Download attachment "smime.p7s" of type "application/pkcs7-signature" (5174 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ