Re: [BUILD] Unable to sign drivers on Ubuntu 22.04 LTS desktop

[Mirsad Goran Todorovac]

On 05. 05. 2023. 15:46, Bagas Sanjaya wrote:

> On Thu, May 04, 2023 at 07:02:57PM +0200, Mirsad Goran Todorovac wrote:
> > Hi Bagas,
> >
> > I seem to have run into a dead end with this.
> >
> > OpenSSL 3.0.2 refuses to cooperate, despite enabling legacy ciphers:
> >
> >    BTF [M] net/nsh/nsh.ko
> >    BTF [M] net/hsr/hsr.ko
> > make -f ./Makefile ARCH=x86     KERNELRELEASE=6.3.0+ intdeb-pkg
> > sh ./scripts/package/builddeb
> >    INSTALL debian/linux-image/lib/modules/6.3.0+/kernel/arch/x86/events/intel/intel-cstate.ko
> >    SIGN debian/linux-image/lib/modules/6.3.0+/kernel/arch/x86/events/intel/intel-cstate.ko
> > At main.c:170:
> > - SSL error:1E08010C:DECODER routines::unsupported:
> > ../crypto/encode_decode/decoder_lib.c:101
> I didn't find any errors using self-compiled OpenSSL 3.1.0. I installed the
> library to `/tmp/openssl` and specify
> `KCFLAGS=-L/tmp/openssl/lib -I/tmp/openssl/include` when building bindeb-pkgs.
> Am I missing something?

Dear Mr. Bagas,

I have mistakenly deleted the

CONFIG_MODULE_SIG_KEY="certs/signing_key.pem"

to

CONFIG_MODULE_SIG_KEY=""

so I got these strange errors, which made me believe that OpenSSL 3.0.1 
disabled some encryptions and hashes.

I suspected it was the problem with the FIPS mode not installed in the 
stock Ubuntu 22.04 LTS library, but I have to admit before so many 
people that it was this stupid mistake which I found out by looking up 
Debian config.

IOW, false alarm.

Ubuntu config with FIPS mode OpenSSL 3.1.0 works, however, I have 
rebuilt with the default OpenSSL 3.0.1 and the error was bisected to the 
missing .PEM.

Best regards,
Mirsad