Module signing broken after SYSTEM_DATA_VERIFICATION commit?

From: Valdis Kletnieks
Date: Thu Aug 27 2015 - 22:39:17 EST

Next message: Peter Chen: "Re: [PATCH 1/2] usb: chipidea: add xilinx zynq platform data"
Previous message: Daniel Kurtz: "Re: [PATCH 1/3] dt-bindings: thermal: Add binding document for Mediatek thermal controller"
Next in thread: David Howells: "Re: Module signing broken after SYSTEM_DATA_VERIFICATION commit?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I build kernels with MODULE_SIG=y, MODULE_SIG_FORCE=n (for build and run
coverage, but it shouldn't dork my system if it breaks). next-20150810
works just fine, but next-20150826 breaks modprobe - all calls to it
drop this in the dmesg:

[ 31.829322] PKCS7: Unknown OID: [32] 2.16.840.1.101.3.4.2.3
[ 31.829328] PKCS7: Unknown OID: [180] 2.16.840.1.101.3.4.2.3
[ 31.829330] Unsupported digest algo: 55

and the modprobe fails.

This looks like the most suspicious commit in the area:

commit 091f6e26eb326adbd718f406e440c838bed8ebb6
Author: David Howells <dhowells@xxxxxxxxxx>
Date: Mon Jul 20 21:16:28 2015 +0100

MODSIGN: Extract the blob PKCS#7 signature verifier from module signing

though it could be something else equally recent. Is this ringing any
bells, or should I go bisect it?

Attachment: pgpsmB7vV_MPn.pgp
Description: PGP signature

Next message: Peter Chen: "Re: [PATCH 1/2] usb: chipidea: add xilinx zynq platform data"
Previous message: Daniel Kurtz: "Re: [PATCH 1/3] dt-bindings: thermal: Add binding document for Mediatek thermal controller"
Next in thread: David Howells: "Re: Module signing broken after SYSTEM_DATA_VERIFICATION commit?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]