From: Jamie Heilman
Subject: Re: v4.6-rc1 regression bisected, Problem loading in-kernel X.509 certificate (-2)
Date: Tue, 3 May 2016 17:25:36 +0000
Message-ID: <20160503172536.GC20775@cucamonga.audible.transient.net>
References: <20160430083248.GA20775@cucamonga.audible.transient.net> <26795.1462266613@warthog.procyon.org.uk>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Cc: Herbert Xu, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org
To: David Howells
Return-path:
Content-Disposition: inline
In-Reply-To: <26795.1462266613@warthog.procyon.org.uk>
Sender: linux-kernel-owner@vger.kernel.org
List-Id: linux-crypto.vger.kernel.org

David Howells wrote:
> > Problem loading in-kernel X.509 certificate (-2)
>
> ENOENT? Hmmm... The only place that is generated is in the crypto layer.
> That suggests missing crypto of some sort.
>
> The attached patch enables some debugging in some relevant files if you can
> try applying it to your kernel.

Alrighty, presumably relevant bits:

X.509: Cert Issuer: Build time autogenerated kernel key
X.509: Cert Subject: Build time autogenerated kernel key
X.509: Cert Key Algo: rsa
X.509: Cert Valid period: 1461826791-4615426791
X.509: Cert Signature: rsa + sha512
X.509: ==>x509_check_signature()
X.509: ==>x509_get_sig_params()
X.509: <==x509_get_sig_params() = 0
PKEY: ==>public_key_verify_signature()
X.509: Cert Verification: -2
Problem loading in-kernel X.509 certificate (-2)
...
PKCS7: ==> pkcs7_verify()
PKCS7: ==> pkcs7_verify_one(,1)
PKCS7: ==> pkcs7_digest(,1,sha512)
PKCS7: MsgDigest = [0b f2 1f 7e f0 37 12 e6]
PKCS7: <== pkcs7_digest() = 0
PKCS7: ==> pkcs7_find_key(1)
PKCS7: Sig 1: Issuing X.509 cert not found (#008a32081403f1709a312c302a06035504030c234275696c642074696d65206175746f67656e657261746564206b65726e656c206b6579)
PKCS7: <== pkcs7_verify() = 0
X.509: Look up: "ex:008a32081403f1709a312c302a06035504030c234275696c642074696d65206175746f67656e657261746564206b65726e656c206b6579"
X.509: Request for key 'ex:008a32081403f1709a312c302a06035504030c234275696c642074696d65206175746f67656e657261746564206b65726e656c206b6579' err -11
PKCS7: ==> pkcs7_verify()
PKCS7: ==> pkcs7_verify_one(,1)
PKCS7: ==> pkcs7_digest(,1,sha512)
PKCS7: MsgDigest = [5b b5 bb 52 28 05 ba 55]
PKCS7: <== pkcs7_digest() = 0
PKCS7: ==> pkcs7_find_key(1)
PKCS7: Sig 1: Issuing X.509 cert not found (#008a32081403f1709a312c302a06035504030c234275696c642074696d65206175746f67656e657261746564206b65726e656c206b6579)
PKCS7: <== pkcs7_verify() = 0
X.509: Look up: "ex:008a32081403f1709a312c302a06035504030c234275696c642074696d65206175746f67656e657261746564206b65726e656c206b6579"
X.509: Request for key 'ex:008a32081403f1709a312c302a06035504030c234275696c642074696d65206175746f67656e657261746564206b65726e656c206b6579' err -11
PKCS7: ==> pkcs7_verify()
PKCS7: ==> pkcs7_verify_one(,1)
PKCS7: ==> pkcs7_digest(,1,sha512)
PKCS7: MsgDigest = [94 a4 59 31 7f a9 d0 3a]
PKCS7: <== pkcs7_digest() = 0
PKCS7: ==> pkcs7_find_key(1)
PKCS7: Sig 1: Issuing X.509 cert not found (#008a32081403f1709a312c302a06035504030c234275696c642074696d65206175746f67656e657261746564206b65726e656c206b6579)
PKCS7: <== pkcs7_verify() = 0
X.509: Look up: "ex:008a32081403f1709a312c302a06035504030c234275696c642074696d65206175746f67656e657261746564206b65726e656c206b6579"
X.509: Request for key 'ex:008a32081403f1709a312c302a06035504030c234275696c642074696d65206175746f67656e657261746564206b65726e656c206b6579' err -11

full dmesg at http://audible.transient.net/~jamie/k/modsign.dmesg-debugging

-- 
Jamie Heilman http://audible.transient.net/~jamie/
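
Added example, not part of the original message or of the kernel sources: a Python triage pass over this kind of X.509/PKCS7 debug trace that names the negative return codes using Linux errno values (-2 is ENOENT, -11 is EAGAIN) and groups repeated key-lookup misses. The sample lines are constructed from the trace above with a shortened placeholder key ID; triage() and errname() are hypothetical helper names.

```python
import re

# Linux errno values (asm-generic) that kernel key/crypto code returns negated.
LINUX_ERRNO = {2: "ENOENT", 11: "EAGAIN", 65: "ENOPKG", 74: "EBADMSG",
               126: "ENOKEY", 129: "EKEYREJECTED"}

# Constructed sample modeled on the trace above; key ID is a short placeholder.
SAMPLE = """\
X.509: Cert Subject: Build time autogenerated kernel key
X.509: Cert Signature: rsa + sha512
PKEY: ==>public_key_verify_signature()
X.509: Cert Verification: -2
Problem loading in-kernel X.509 certificate (-2)
PKCS7: Sig 1: Issuing X.509 cert not found (#00aabbcc)
X.509: Request for key 'ex:00aabbcc' err -11
PKCS7: Sig 1: Issuing X.509 cert not found (#00aabbcc)
X.509: Request for key 'ex:00aabbcc' err -11
"""

# Unanchored at the start so a leading dmesg timestamp does not prevent a match.
FIELD = re.compile(r"X\.509: Cert (Subject|Signature|Verification): (.+)$")
REQUEST = re.compile(r"X\.509: Request for key '([^']+)' err (-?\d+)$")

def errname(code):
    """Name a kernel-style negative return code, e.g. -2 -> ENOENT."""
    return "OK" if code == 0 else LINUX_ERRNO.get(-code, f"errno {-code}")

def triage(text):
    """Return (failed_certs, failed_lookups) found in a debug trace."""
    certs, lookups, cur = [], {}, {}
    for line in map(str.strip, text.splitlines()):
        if m := FIELD.search(line):
            name, value = m.groups()
            if name == "Subject":
                cur = {}                      # a new certificate starts here
            cur[name] = value
            if name == "Verification" and int(value) != 0:
                certs.append((cur.get("Subject"), cur.get("Signature"),
                              errname(int(value))))
        elif m := REQUEST.search(line):
            key = (m.group(1), errname(int(m.group(2))))
            lookups[key] = lookups.get(key, 0) + 1   # count repeated misses
    return certs, lookups

if __name__ == "__main__":
    certs, lookups = triage(SAMPLE)
    for subject, sigalg, err in certs:
        print(f"certificate {subject!r} ({sigalg}): verification failed, {err}")
    for (key_id, err), count in lookups.items():
        print(f"{count} key lookup(s) for {key_id}: {err}")
```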