Re: [PATCH 0/5] MODSIGN: Use PKCS#7 for module signatures
From: Mimi Zohar
Date: Mon Nov 24 2014 - 12:14:51 EST
On Mon, 2014-11-24 at 16:13 +0000, David Howells wrote:
> David Howells <dhowells@xxxxxxxxxx> wrote:
>
> > > Actually after cleaning the tree and re-signing the modules, I get following
> > >
> > > Unrecognized character \x7F; marked by <-- HERE after <-- HERE near
> > > column 1 at ./scripts/sign-file line 1.
> > > make[1]: *** [arch/x86/crypto/aes-x86_64.ko] Error 255
> >
> > warthog>grep -r sign-file Makefile
> > mod_sign_cmd = perl $(srctree)/scripts/sign-file $(CONFIG_MODULE_SIG_HASH) $(MODSECKEY) $(MODPUBKEY)
> >
> > Because of that. I need to remove the 'perl' bit.
>
> It's a little more involved than that. The X.509 cert being passed to the
> program is binary, whereas the one I've been testing with is PEM encoded - and
> libssl has separate routines that don't work out for themselves which encoding
> is in force. Proposed changes below.
With this patch, I'm now able to install and boot the new kernel and
modules.
Mimi
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/