Module signing broken after SYSTEM_DATA_VERIFICATION commit?
From: Valdis Kletnieks
Date: Thu Aug 27 2015 - 22:39:17 EST
I build kernels with MODULE_SIG=y, MODULE_SIG_FORCE=n (for build and run
coverage, but it shouldn't dork my system if it breaks). next-20150810
works just fine, but next-20150826 breaks modprobe - all calls to it
drop this in the dmesg:
[ 31.829322] PKCS7: Unknown OID:  2.16.822.214.171.124.4.2.3
[ 31.829328] PKCS7: Unknown OID:  2.16.8126.96.36.199.4.2.3
[ 31.829330] Unsupported digest algo: 55
and the modprobe fails.
This looks like the most suspicious commit in the area:
Author: David Howells <dhowells@xxxxxxxxxx>
Date: Mon Jul 20 21:16:28 2015 +0100
MODSIGN: Extract the blob PKCS#7 signature verifier from module signing
though it could be something else equally recent. Is this ringing any
bells, or should I go bisect it?
Description: PGP signature