Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Module signature verification issues on Ubuntu 16.04 LTS #152

Closed
luveti opened this issue Aug 19, 2016 · 4 comments
Closed

Module signature verification issues on Ubuntu 16.04 LTS #152

luveti opened this issue Aug 19, 2016 · 4 comments

Comments

@luveti
Copy link

luveti commented Aug 19, 2016
edited
Loading

When running sudo make install in the darling/src/lkm directory I get the following error:

make -C /lib/modules/4.4.0-34-generic/build M=/home/cam/darling/src/lkm modules_install
make[1]: Entering directory '/usr/src/linux-headers-4.4.0-34-generic'
  INSTALL /home/cam/darling/src/lkm/darling-mach.ko
At main.c:222:
- SSL error:02001002:system library:fopen:No such file or directory: bss_file.c:175
- SSL error:2006D080:BIO routines:BIO_new_file:no such file: bss_file.c:178
sign-file: certs/signing_key.pem: No such file or directory
  DEPMOD  4.4.0-34-generic
make[1]: Leaving directory '/usr/src/linux-headers-4.4.0-34-generic'

I looked into this, and according to this issue that another project was having, Ubuntu now uses Linux signed kernel modules. I'm assuming you guys already know about this though! :) As you're building darling on 16.04 on your teamcity ci.

Could you point me in the right direction as to how to get this working? I'm going to continue fiddling around with it, and see about making a pull request documentation wise if I figure something out :)
@luveti
Copy link
Author

luveti commented Aug 19, 2016

It looks like some sort of combination of calling sudo update-initramfs -u -k all and using insmod instead of modprobe when loading the module did the trick. I'll have to verify this tomorrow by doing a fresh install. In case anyone else has this same issue, here is the command I replaced the modprobe darling-mach call with:

sudo insmod /lib/modules/4.4.0-34-generic/extra/darling-mach.ko

@LubosD
Copy link
Member

LubosD commented Aug 19, 2016

Darling is being built in 16.04, but not the kernel module, because the 16.04 is just a Docker container running on Gentoo :-)

But what you're showing is not a build failure; it just means the module couldn't be signed. It is up to the user how he deals with loading unsigned modules or signing them somehow, as there is no single good way (e.g. I'd feel bad if I started suggesting to disable validation completely).

@luveti
Copy link
Author

luveti commented Aug 20, 2016

Ahh.. thanks for the heads up! It looks like you actually mention this on the website on the build instructions page. I'll look into just disabling it!

@luveti luveti closed this as completed Aug 20, 2016
@betolink betolink mentioned this issue Sep 28, 2016
Closed
@HefnySco
Copy link

I guess you can use this:
https://help.ubuntu.com/community/DKMS

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@LubosD @HefnySco @luveti