28.03.2009 kl. 03:41 skrev John Zolnowsky x69422/408-404-5064: > >> Date: Sat, 28 Mar 2009 03:01:07 +0100 >> From: Andreas Portele <ultrasparc at rechnerpool.de> >> >> Hi! >> >> I have a wired problem loading a signed kcf crypto provider. I was >> already able to load it back in time, but it stopped working for some >> unknown reason. >> >> elfsign says every thing is ok: >> >> >> -----8<-----8<------8<--- >> >> # elfsign verify padlock >> elfsign: verification of padlock passed. > > What does "elfsign verify -v padlock" yield? > What does "svcs cryptosvc" say? > Are there any syslog/console messages from kcfd?
#elfsign verify -v padlock elfsign: verification of padlock passed. format: rsa_sha1. signer: C=US, CN=portele. signed on: Sat Mar 28 03:32:12 2009. --------------------------------------- # svcs cryptosvc STATE STIME FMRI online Mar_26 svc:/system/cryptosvc:default ------------------------------ there are no kcfd messages. I think module signing never worked here. The problem arouse after adding an cipher_ops to the crypto_ops struct (just back checked). But as long as there are no cipher_ops or similar ops in crypto_ops, there will be done no signing verification.. so this never hit me until now. >> >> ******* interesting part *** >> >> 0 -> kcf_need_signature_verification >> 0 <- kcf_need_signature_verification rc=4294967295 > > That's (uint_t) (-1), so verification failed. As I understand the verification is failing because no signing is found ?!
