Thanks for the link. It seems that the sign-file utility from the
kernel (scripts/sign-file) has been converted to a .c file and somehow
it produces a different output.
I think if you really want to make sure the module is signed is by
doing a hexdump and perhaps strip the signature out and try to
On Thursday, 12 April 2018 22:47:31 BST Dave Trombley wrote:
> This has been broken for almost two years; the signature format switched to
> PKCS#7 and modinfo doesn't support it. It's not as simple as just
> patching kmod because evidently the kernel change regressed or disrespected
> the
On Wednesday, 11 April 2018 21:39:30 BST Ben Mezger wrote:
> Greetings,
>
> I have enabled module signature verification on my kernel, and it does
> seem to be enabled upon boot:
>
> $ dmesg | grep -i 'x.*509'
> [1.259988] Asymmetric key parser 'x509' registered
> [1.811026] Loading
This has been broken for almost two years; the signature format switched to
PKCS#7 and modinfo doesn't support it. It's not as simple as just
patching kmod because evidently the kernel change regressed or disrespected
the relevent structure in the modules in a way that makes it impossible for
Greetings,
I have enabled module signature verification on my kernel, and it does
seem to be enabled upon boot:
$ dmesg | grep -i 'x.*509'
[1.259988] Asymmetric key parser 'x509' registered
[1.811026] Loading compiled-in X.509 certificates
[1.813833] Loaded X.509 cert 'Build time
5 matches
Mail list logo
