[Bug 2086819] [NEW] scripts/insert-sys-cert does not insert a cert into kernel image

Joy M Latten Wed, 06 Nov 2024 12:30:42 -0800

Public bug reported:

[Impact]
/usr/src/linux-headers-6.8.0-47-generic/scripts/insert-sys-cert fails to insert 
a certificate into vmlinuz


[Test Case]

1. cp /boot/vmlinuz-6.8.0-47-generic ~/workdir/
2. cp /boot/System.map-6.8.0-47-generic ~/workdir/
3. cd ~/workdir
4. openssl req -x509 -newkey rsa:4096 -keyout snakeoil-key.der -out 
snakeoil-cert.der -sha256 -days 3650 -nodes -subj 
"/O=MyCert/OU=MyCert/CN=snakeoil" -outform DER
5. /usr/src/linux-headers-6.8.0-47-generic/scripts/insert-sys-cert -s 
System.map-6.8.0-47-generic -z vmlinuz-6.8.0-47-generic -c snakeoil-cert.der

ERROR:   Unable to determine the compression of vmlinux

Recent kernels use zstd compression, which Ubuntu's insert-sys-cert does not 
know about. The
scripts/extract-vmlinux could be used to extract the vmlinux since it knows 
about zstd. However, because it has been stripped, it tries to use the 
Systems.map file to find the symbol, but has trouble reading
lines of the file.

1. /usr/src/linux-headers-6.8.0-47-generic/scripts/extract-vmlinux 
vmlinuz-6.8.0-47-generic > myvmlinux
2. file vmlinux
   vmlinux: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically 
linked, 
   BuildID[sha1]=90786183f0bb9cf3d745ac2a83e1b86d473d6594, stripped

3. /usr/src/linux-headers-6.8.0-47-generic/scripts/insert-sys-cert -s
System.map-6.8.0-47-generic -b myvmlinux -c snakeoil-cert.der

WARNING: Could not find the symbol table.
ERROR:   Missing line ending.
ERROR:   Missing line ending.
ERROR:   Missing line ending.

[ Where Problem Occurred ]

Package Name: 
# dpkg -l | grep linux-headers-6.8.0-47-generic
ii  linux-headers-6.8.0-47-generic               6.8.0-47.47                    
   amd64        Linux kernel headers for version 6.8.0 on 64 bit x86 SMP

# cat /proc/version_signature
Ubuntu 6.8.0-47.47-generic 6.8.12

# lsb_release -rd
No LSB modules are available.
Description:    Ubuntu 24.04.1 LTS
Release:        24.04

** Affects: linux (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2086819

Title:
  scripts/insert-sys-cert does not insert a cert into kernel image

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2086819/+subscriptions


-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 2086819] [NEW] scripts/insert-sys-cert does not insert a cert into kernel image

Reply via email to