Re: [BUILD] Unable to sign drivers on Ubuntu 22.04 LTS desktop

Re: [BUILD] Unable to sign drivers on Ubuntu 22.04 LTS desktop

[Bagas Sanjaya]

[-- Attachment #1: Type: text/plain, Size: 974 bytes --]

On Thu, May 04, 2023 at 07:02:57PM +0200, Mirsad Goran Todorovac wrote:
> Hi Bagas,
> 
> I seem to have run into a dead end with this.
> 
> OpenSSL 3.0.2 refuses to cooperate, despite enabling legacy ciphers:
> 
>   BTF [M] net/nsh/nsh.ko
>   BTF [M] net/hsr/hsr.ko
> make -f ./Makefile ARCH=x86     KERNELRELEASE=6.3.0+ intdeb-pkg
> sh ./scripts/package/builddeb
>   INSTALL debian/linux-image/lib/modules/6.3.0+/kernel/arch/x86/events/intel/intel-cstate.ko
>   SIGN debian/linux-image/lib/modules/6.3.0+/kernel/arch/x86/events/intel/intel-cstate.ko
> At main.c:170:
> - SSL error:1E08010C:DECODER routines::unsupported:
> ../crypto/encode_decode/decoder_lib.c:101

I didn't find any errors using self-compiled OpenSSL 3.1.0. I installed the
library to `/tmp/openssl` and specify
`KCFLAGS=-L/tmp/openssl/lib -I/tmp/openssl/include` when building bindeb-pkgs.
Am I missing something?

-- 
An old man doll... just what I always wanted! - Clara

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 228 bytes --]

Re: [BUILD] Unable to sign drivers on Ubuntu 22.04 LTS desktop

[Mirsad Goran Todorovac]

On 05. 05. 2023. 15:46, Bagas Sanjaya wrote:

> On Thu, May 04, 2023 at 07:02:57PM +0200, Mirsad Goran Todorovac wrote:
>> Hi Bagas,
>>
>> I seem to have run into a dead end with this.
>>
>> OpenSSL 3.0.2 refuses to cooperate, despite enabling legacy ciphers:
>>
>>    BTF [M] net/nsh/nsh.ko
>>    BTF [M] net/hsr/hsr.ko
>> make -f ./Makefile ARCH=x86     KERNELRELEASE=6.3.0+ intdeb-pkg
>> sh ./scripts/package/builddeb
>>    INSTALL debian/linux-image/lib/modules/6.3.0+/kernel/arch/x86/events/intel/intel-cstate.ko
>>    SIGN debian/linux-image/lib/modules/6.3.0+/kernel/arch/x86/events/intel/intel-cstate.ko
>> At main.c:170:
>> - SSL error:1E08010C:DECODER routines::unsupported:
>> ../crypto/encode_decode/decoder_lib.c:101
> I didn't find any errors using self-compiled OpenSSL 3.1.0. I installed the
> library to `/tmp/openssl` and specify
> `KCFLAGS=-L/tmp/openssl/lib -I/tmp/openssl/include` when building bindeb-pkgs.
> Am I missing something?

Dear Mr. Bagas,

I have mistakenly deleted the

CONFIG_MODULE_SIG_KEY="certs/signing_key.pem"

to

CONFIG_MODULE_SIG_KEY=""

so I got these strange errors, which made me believe that OpenSSL 3.0.1 
disabled some encryptions and hashes.

I suspected it was the problem with the FIPS mode not installed in the 
stock Ubuntu 22.04 LTS library, but I have to admit before so many 
people that it was this stupid mistake which I found out by looking up 
Debian config.

IOW, false alarm.

Ubuntu config with FIPS mode OpenSSL 3.1.0 works, however, I have 
rebuilt with the default OpenSSL 3.0.1 and the error was bisected to the 
missing .PEM.

Best regards,
Mirsad