modsign vs build-id
Jarod Wilson
jwilson at redhat.com
Tue Aug 14 21:48:21 UTC 2007
Roland McGrath wrote:
>> The signature sections are identical. Triple-checked that I was
>> comparing with the ext3.ko from the initrd that booted the system.
> [...]
>> To make it even more interesting:
>>
>> # cd /lib/modules/2.6.23-0.104.rc3.vsc.fc8/kernel/drivers/net/e1000
>> # insmod e1000.ko
>> Modules signature verification failed
>> insmod: error inserting 'e1000.ko': -1 Key was rejected by service
>> # strip -g e1000.ko
>> # insmod e1000.ko
>> # lsmod |grep e1000
>> e1000 125977 0
>
> Ok. This makes me think that the signature generation and/or verification
> are looking at something they shouldn't be. i.e., something strip changed.
>
>>> Also, you could try setting MODSIGN_DEBUG in kernel/module-verify-sig.c
>>> (linux-2.6-modsign-core.patch) and booting with "debug" to see those msgs.
>> Sure, I'll add that too.
>
> Also hack modsign.sh to pass -v to mod-extract. The logs from mod-extract
> for a given module and the printks from verification looking at that module
> should give us something to go on.
The build is just about done, but I gotta run. I'll poke at it some more
in a few hours though...
--
Jarod Wilson
jwilson at redhat.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 251 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/fedora-kernel-list/attachments/20070814/1bb242fe/attachment.sig>
More information about the Fedora-kernel-list
mailing list