* [ISSUE] Module signing
@ 2021-02-03 15:37 anon-lestat
2021-02-03 15:38 ` anon-lestat
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: anon-lestat @ 2021-02-03 15:37 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 795 bytes --]
New issue by anon-lestat on void-packages repository
https://github.com/void-linux/void-packages/issues/28440
Description:
* xuname:
Void 5.4.94_1 x86_64-musl GenuineIntel uptodate rDFFF
* package:
linux5.4.94_1
### Expected behavior
Enable enforced module signing and system boots without allowing unsigned modules.
### Actual behavior
Linux doesnt start
### Steps to reproduce the behavior
Make these changes in kernel config before compiling:
CONFIG_MODULE_SIG=y
CONFIG_MODULE_SIG_ALL=y
CONFIG_MODULE_SIG_SHA1=y
CONFIG_MODULE_SIG_HASH="sha1"
Compile, Package and install the kernel.
Add module.sig_enforce=1 to boot parameters,
Start the system.
The kernel used: https://notabug.org/anonymous-lestat/Void-Hardened-Kernel/src/master/x86_64-dotconfig-custom
^ permalink raw reply [flat|nested] 4+ messages in thread* Re: Module signing 2021-02-03 15:37 [ISSUE] Module signing anon-lestat @ 2021-02-03 15:38 ` anon-lestat 2021-02-03 15:41 ` ahesford 2021-02-03 15:41 ` [ISSUE] [CLOSED] " ahesford 2 siblings, 0 replies; 4+ messages in thread From: anon-lestat @ 2021-02-03 15:38 UTC (permalink / raw) To: ml [-- Attachment #1: Type: text/plain, Size: 202 bytes --] New comment by anon-lestat on void-packages repository https://github.com/void-linux/void-packages/issues/28440#issuecomment-772601785 Comment: Kernel is tainted which means modules didnt get signed. ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: Module signing 2021-02-03 15:37 [ISSUE] Module signing anon-lestat 2021-02-03 15:38 ` anon-lestat @ 2021-02-03 15:41 ` ahesford 2021-02-03 15:41 ` [ISSUE] [CLOSED] " ahesford 2 siblings, 0 replies; 4+ messages in thread From: ahesford @ 2021-02-03 15:41 UTC (permalink / raw) To: ml [-- Attachment #1: Type: text/plain, Size: 203 bytes --] New comment by ahesford on void-packages repository https://github.com/void-linux/void-packages/issues/28440#issuecomment-772603791 Comment: You are building a custom kernel, this is not a Void issue. ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [ISSUE] [CLOSED] Module signing 2021-02-03 15:37 [ISSUE] Module signing anon-lestat 2021-02-03 15:38 ` anon-lestat 2021-02-03 15:41 ` ahesford @ 2021-02-03 15:41 ` ahesford 2 siblings, 0 replies; 4+ messages in thread From: ahesford @ 2021-02-03 15:41 UTC (permalink / raw) To: ml [-- Attachment #1: Type: text/plain, Size: 805 bytes --] Closed issue by anon-lestat on void-packages repository https://github.com/void-linux/void-packages/issues/28440 Description: * xuname: Void 5.4.94_1 x86_64-musl GenuineIntel uptodate rDFFF * package: linux5.4.94_1 ### Expected behavior Enable enforced module signing and system boots without allowing unsigned modules. ### Actual behavior Linux doesnt start ### Steps to reproduce the behavior Make these changes in kernel config before compiling: CONFIG_MODULE_SIG=y CONFIG_MODULE_SIG_ALL=y CONFIG_MODULE_SIG_SHA1=y CONFIG_MODULE_SIG_HASH="sha1" Compile, Package and install the kernel. Add module.sig_enforce=1 to boot parameters, Start the system. The kernel config used: https://notabug.org/anonymous-lestat/Void-Hardened-Kernel/src/master/x86_64-dotconfig-custom ^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2021-02-03 15:41 UTC | newest] Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2021-02-03 15:37 [ISSUE] Module signing anon-lestat 2021-02-03 15:38 ` anon-lestat 2021-02-03 15:41 ` ahesford 2021-02-03 15:41 ` [ISSUE] [CLOSED] " ahesford
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).