* [BUILD] Unable to sign drivers on Ubuntu 22.04 LTS desktop
@ 2023-05-04 17:02 Mirsad Goran Todorovac
2023-05-05 9:00 ` [BUILD] [FOUND WORKAROUND] " Mirsad Goran Todorovac
2023-05-05 13:46 ` [BUILD] " Bagas Sanjaya
0 siblings, 2 replies; 5+ messages in thread
From: Mirsad Goran Todorovac @ 2023-05-04 17:02 UTC (permalink / raw)
To: Bagas Sanjaya; +Cc: linux-kernel
Hi Bagas,
I seem to have run into a dead end with this.
OpenSSL 3.0.2 refuses to cooperate, despite enabling legacy ciphers:
BTF [M] net/nsh/nsh.ko
BTF [M] net/hsr/hsr.ko
make -f ./Makefile ARCH=x86 KERNELRELEASE=6.3.0+ intdeb-pkg
sh ./scripts/package/builddeb
INSTALL
debian/linux-image/lib/modules/6.3.0+/kernel/arch/x86/events/intel/intel-cstate.ko
SIGN
debian/linux-image/lib/modules/6.3.0+/kernel/arch/x86/events/intel/intel-cstate.ko
At main.c:170:
- SSL error:1E08010C:DECODER routines::unsupported:
../crypto/encode_decode/decoder_lib.c:101
sign-file: ./
make[6]: *** [scripts/Makefile.modinst:87:
debian/linux-image/lib/modules/6.3.0+/kernel/arch/x86/events/intel/intel-cstate.ko]
Error 1
make[6]: *** Deleting file
'debian/linux-image/lib/modules/6.3.0+/kernel/arch/x86/events/intel/intel-cstate.ko'
make[5]: *** [Makefile:1955: modules_install] Error 2
make[4]: *** [scripts/Makefile.package:150: intdeb-pkg] Error 2
make[3]: *** [Makefile:1657: intdeb-pkg] Error 2
make[2]: *** [debian/rules:16: binary-arch] Error 2
dpkg-buildpackage: error: debian/rules binary subprocess returned exit
status 2
make[1]: *** [scripts/Makefile.package:139: bindeb-pkg] Error 2
make: *** [Makefile:1657: bindeb-pkg] Error 2
I have tried to enable NEXT crypto mode:
% sudo update-crypto-policies --set NEXT
and rebooted, but no use.
Google also doesn't give a clue.
I have been able to compile kernels on Ubuntu 22.04 LTS on my laptop
just about a year ago.
Thank you.
Mirsad
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [BUILD] [FOUND WORKAROUND] Unable to sign drivers on Ubuntu 22.04 LTS desktop
2023-05-04 17:02 [BUILD] Unable to sign drivers on Ubuntu 22.04 LTS desktop Mirsad Goran Todorovac
@ 2023-05-05 9:00 ` Mirsad Goran Todorovac
2023-05-05 12:45 ` Bagas Sanjaya
2023-05-05 13:46 ` [BUILD] " Bagas Sanjaya
1 sibling, 1 reply; 5+ messages in thread
From: Mirsad Goran Todorovac @ 2023-05-05 9:00 UTC (permalink / raw)
To: Mirsad Goran Todorovac, Bagas Sanjaya; +Cc: linux-kernel
On 4.5.2023. 19:02, Mirsad Goran Todorovac wrote:
> Hi Bagas,
>
> I seem to have run into a dead end with this.
>
> OpenSSL 3.0.2 refuses to cooperate, despite enabling legacy ciphers:
>
> BTF [M] net/nsh/nsh.ko
> BTF [M] net/hsr/hsr.ko
> make -f ./Makefile ARCH=x86 KERNELRELEASE=6.3.0+ intdeb-pkg
> sh ./scripts/package/builddeb
> INSTALL debian/linux-image/lib/modules/6.3.0+/kernel/arch/x86/events/intel/intel-cstate.ko
> SIGN debian/linux-image/lib/modules/6.3.0+/kernel/arch/x86/events/intel/intel-cstate.ko
> At main.c:170:
> - SSL error:1E08010C:DECODER routines::unsupported: ../crypto/encode_decode/decoder_lib.c:101
> sign-file: ./
> make[6]: *** [scripts/Makefile.modinst:87: debian/linux-image/lib/modules/6.3.0+/kernel/arch/x86/events/intel/intel-cstate.ko] Error 1
> make[6]: *** Deleting file 'debian/linux-image/lib/modules/6.3.0+/kernel/arch/x86/events/intel/intel-cstate.ko'
> make[5]: *** [Makefile:1955: modules_install] Error 2
> make[4]: *** [scripts/Makefile.package:150: intdeb-pkg] Error 2
> make[3]: *** [Makefile:1657: intdeb-pkg] Error 2
> make[2]: *** [debian/rules:16: binary-arch] Error 2
> dpkg-buildpackage: error: debian/rules binary subprocess returned exit status 2
> make[1]: *** [scripts/Makefile.package:139: bindeb-pkg] Error 2
> make: *** [Makefile:1657: bindeb-pkg] Error 2
>
> I have tried to enable NEXT crypto mode:
>
> % sudo update-crypto-policies --set NEXT
>
> and rebooted, but no use.
>
> Google also doesn't give a clue.
> I have been able to compile kernels on Ubuntu 22.04 LTS on my laptop just about a year ago.
Hi all,
There was no success in building 6.3+ with the Ubuntu generic config, but it has succeeded
with the config derived from Debian one.
Still, it would be interesting to find what is preventing the Ubuntu config from signing the
kernel modules. Up to that point the build process is fine.
Best regards,
Mirsad
--
Mirsad Todorovac
System engineer
Faculty of Graphic Arts | Academy of Fine Arts
University of Zagreb
Republic of Croatia, the European Union
Sistem inženjer
Grafički fakultet | Akademija likovnih umjetnosti
Sveučilište u Zagrebu
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [BUILD] [FOUND WORKAROUND] Unable to sign drivers on Ubuntu 22.04 LTS desktop
2023-05-05 9:00 ` [BUILD] [FOUND WORKAROUND] " Mirsad Goran Todorovac
@ 2023-05-05 12:45 ` Bagas Sanjaya
0 siblings, 0 replies; 5+ messages in thread
From: Bagas Sanjaya @ 2023-05-05 12:45 UTC (permalink / raw)
To: Mirsad Goran Todorovac, Mirsad Goran Todorovac
Cc: linux-kernel, Linux Kernel Build System, Masahiro Yamada
On 5/5/23 16:00, Mirsad Goran Todorovac wrote:
> Hi all,
>
> There was no success in building 6.3+ with the Ubuntu generic config, but it has succeeded
> with the config derived from Debian one.
>
> Still, it would be interesting to find what is preventing the Ubuntu config from signing the
> kernel modules. Up to that point the build process is fine.
>
You will need to see Documentation/admin-guide/module-signing.rst.
Especially on "Generating signing keys", there are instructions on
generating your own signing key, because in most cases you don't
have access to signing keys from your distribution.
Anyway, when you have problems related to building kernel, always
Cc: linux-kbuild list.
Thanks.
--
An old man doll... just what I always wanted! - Clara
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [BUILD] Unable to sign drivers on Ubuntu 22.04 LTS desktop
2023-05-04 17:02 [BUILD] Unable to sign drivers on Ubuntu 22.04 LTS desktop Mirsad Goran Todorovac
2023-05-05 9:00 ` [BUILD] [FOUND WORKAROUND] " Mirsad Goran Todorovac
@ 2023-05-05 13:46 ` Bagas Sanjaya
2023-05-05 20:07 ` Mirsad Goran Todorovac
1 sibling, 1 reply; 5+ messages in thread
From: Bagas Sanjaya @ 2023-05-05 13:46 UTC (permalink / raw)
To: Mirsad Goran Todorovac
Cc: Linux Kernel Mailing List, Peter Zijlstra, Ingo Molnar,
Arnaldo Carvalho de Melo, Mark Rutland, Alexander Shishkin,
Jiri Olsa, Namhyung Kim, Ian Rogers, Adrian Hunter,
Thomas Gleixner, Borislav Petkov, Dave Hansen,
Linux x86 Architecture, H. Peter Anvin, Linux perf users,
Linux Kernel Build System, Masahiro Yamada
[-- Attachment #1: Type: text/plain, Size: 974 bytes --]
On Thu, May 04, 2023 at 07:02:57PM +0200, Mirsad Goran Todorovac wrote:
> Hi Bagas,
>
> I seem to have run into a dead end with this.
>
> OpenSSL 3.0.2 refuses to cooperate, despite enabling legacy ciphers:
>
> BTF [M] net/nsh/nsh.ko
> BTF [M] net/hsr/hsr.ko
> make -f ./Makefile ARCH=x86 KERNELRELEASE=6.3.0+ intdeb-pkg
> sh ./scripts/package/builddeb
> INSTALL debian/linux-image/lib/modules/6.3.0+/kernel/arch/x86/events/intel/intel-cstate.ko
> SIGN debian/linux-image/lib/modules/6.3.0+/kernel/arch/x86/events/intel/intel-cstate.ko
> At main.c:170:
> - SSL error:1E08010C:DECODER routines::unsupported:
> ../crypto/encode_decode/decoder_lib.c:101
I didn't find any errors using self-compiled OpenSSL 3.1.0. I installed the
library to `/tmp/openssl` and specify
`KCFLAGS=-L/tmp/openssl/lib -I/tmp/openssl/include` when building bindeb-pkgs.
Am I missing something?
--
An old man doll... just what I always wanted! - Clara
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 228 bytes --]
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [BUILD] Unable to sign drivers on Ubuntu 22.04 LTS desktop
2023-05-05 13:46 ` [BUILD] " Bagas Sanjaya
@ 2023-05-05 20:07 ` Mirsad Goran Todorovac
0 siblings, 0 replies; 5+ messages in thread
From: Mirsad Goran Todorovac @ 2023-05-05 20:07 UTC (permalink / raw)
To: Bagas Sanjaya, Mirsad Goran Todorovac
Cc: Linux Kernel Mailing List, Peter Zijlstra, Ingo Molnar,
Arnaldo Carvalho de Melo, Mark Rutland, Alexander Shishkin,
Jiri Olsa, Namhyung Kim, Ian Rogers, Adrian Hunter,
Thomas Gleixner, Borislav Petkov, Dave Hansen,
Linux x86 Architecture, H. Peter Anvin, Linux perf users,
Linux Kernel Build System, Masahiro Yamada
On 05. 05. 2023. 15:46, Bagas Sanjaya wrote:
> On Thu, May 04, 2023 at 07:02:57PM +0200, Mirsad Goran Todorovac wrote:
>> Hi Bagas,
>>
>> I seem to have run into a dead end with this.
>>
>> OpenSSL 3.0.2 refuses to cooperate, despite enabling legacy ciphers:
>>
>> BTF [M] net/nsh/nsh.ko
>> BTF [M] net/hsr/hsr.ko
>> make -f ./Makefile ARCH=x86 KERNELRELEASE=6.3.0+ intdeb-pkg
>> sh ./scripts/package/builddeb
>> INSTALL debian/linux-image/lib/modules/6.3.0+/kernel/arch/x86/events/intel/intel-cstate.ko
>> SIGN debian/linux-image/lib/modules/6.3.0+/kernel/arch/x86/events/intel/intel-cstate.ko
>> At main.c:170:
>> - SSL error:1E08010C:DECODER routines::unsupported:
>> ../crypto/encode_decode/decoder_lib.c:101
> I didn't find any errors using self-compiled OpenSSL 3.1.0. I installed the
> library to `/tmp/openssl` and specify
> `KCFLAGS=-L/tmp/openssl/lib -I/tmp/openssl/include` when building bindeb-pkgs.
> Am I missing something?
Dear Mr. Bagas,
I have mistakenly deleted the
CONFIG_MODULE_SIG_KEY="certs/signing_key.pem"
to
CONFIG_MODULE_SIG_KEY=""
so I got these strange errors, which made me believe that OpenSSL 3.0.1
disabled some encryptions and hashes.
I suspected it was the problem with the FIPS mode not installed in the
stock Ubuntu 22.04 LTS library, but I have to admit before so many
people that it was this stupid mistake which I found out by looking up
Debian config.
IOW, false alarm.
Ubuntu config with FIPS mode OpenSSL 3.1.0 works, however, I have
rebuilt with the default OpenSSL 3.0.1 and the error was bisected to the
missing .PEM.
Best regards,
Mirsad
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2023-05-05 20:07 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-05-04 17:02 [BUILD] Unable to sign drivers on Ubuntu 22.04 LTS desktop Mirsad Goran Todorovac
2023-05-05 9:00 ` [BUILD] [FOUND WORKAROUND] " Mirsad Goran Todorovac
2023-05-05 12:45 ` Bagas Sanjaya
2023-05-05 13:46 ` [BUILD] " Bagas Sanjaya
2023-05-05 20:07 ` Mirsad Goran Todorovac
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).