Bug#935945: Add patch
tags 935945 + patch
thanks
I've finally managed to get the time to do the mok dance and test this
patch, I can confirm it fixes this bug.
I have updated the patch to close this bug in the debian/changelog and
created a Merge Request here:
https://salsa.debian.org/kernel-team/linux/merge_requests/177
as you can see in the following log i've built a kernel signed with my
mok key: 8b6895ea20ac18cf58b558b8367eabd6400d021d and was able to build
and insmod a module signed by a newly created Test Key:
4cd5c2c83a310e6d579d55511a554610481e7a54 that lives only in the
.platform keyring
┌[~/mok/mok2]
└[cochabamba] sudo keyctl show -x %:.builtin_trusted_keys 11:23:02
Keyring
0x23f53761 ---lswrv 0 0 keyring: .builtin_trusted_keys
0x3140da79 ---lswrv 0 0 \_ asymmetric: Niv Sardi: 8b6895ea20ac18cf58b558b8367eabd6400d021d
0x01e9fad1 ---lswrv 0 0 \_ asymmetric: Debian Secure Boot Signer: 00a7468def
0x11bd6209 ---lswrv 0 0 \_ asymmetric: Debian Secure Boot CA: 6ccece7e4c6c0d1f6149f3dd27dfcc5cbb419ea1
┌[~/mok/mok2]
└[cochabamba] sudo keyctl show -x %:.platform 11:23:03
Keyring
0x1e71f408 ---lswrv 0 0 keyring: .platform
0x29f6f98b ---lswrv 0 0 \_ asymmetric: Microsoft Windows Production PCA 2011: a92902398e16c49778cd90f99e4f9ae17c55af53
0x3f687f0a ---lswrv 0 0 \_ asymmetric: Debian Secure Boot CA: 6ccece7e4c6c0d1f6149f3dd27dfcc5cbb419ea1
0x0b1fbe3b ---lswrv 0 0 \_ asymmetric: Test Key: 4cd5c2c83a310e6d579d55511a554610481e7a54
0x03ab3e26 ---lswrv 0 0 \_ asymmetric: Canonical Ltd. Master Certificate Authority: ad91990bc22ab1f517048c23b6655a268e345a63
0x0fafa6b4 ---lswrv 0 0 \_ asymmetric: Niv Sardi: 8b6895ea20ac18cf58b558b8367eabd6400d021d
0x04ad134e ---lswrv 0 0 \_ asymmetric: : 6e4c5e40f58b7aad499ef717e69bc28d
0x0e4d3559 ---lswrv 0 0 \_ asymmetric: Microsoft Corporation UEFI CA 2011: 13adbf4309bd82709c8cd54f316ed522988a1bd4
┌[~/mok/mok2]
└[cochabamba] hexdump -C wireguard.ko |tail -24 11:23:07
00053be0 54 65 73 74 20 4b 65 79 02 14 00 c5 e0 a1 ae 53 |Test Key.......S|
00053bf0 9b 37 c2 3d 84 40 1f 7d 4c bf 8d 2f 99 78 30 0b |.7.=.@.}L../.x0.|
00053c00 06 09 60 86 48 01 65 03 04 02 01 30 0d 06 09 2a |..`.H.e....0...*|
00053c10 86 48 86 f7 0d 01 01 01 05 00 04 82 01 00 6c fb |.H............l.|
00053c20 bb bc 13 9f cb 83 42 0f db 95 72 b4 1f b3 78 40 |......B...r...x@|
00053c30 5c 9e 57 1f e9 44 b6 7c da de 4a 9a 27 2c 01 12 |\.W..D.|..J.',..|
00053c40 72 ef 66 a6 ff ea ec 65 1d cc f4 89 37 47 70 6b |r.f....e....7Gpk|
00053c50 52 62 49 ef e0 01 ab 0a 1c af b7 c8 68 e5 aa 29 |RbI.........h..)|
00053c60 42 92 be da b0 78 e2 7e 25 97 b9 b6 be 07 69 eb |B....x.~%.....i.|
00053c70 dd 51 36 ce 2c 22 fc 3d 60 6c ff ba c1 03 ad c4 |.Q6.,".=`l......|
00053c80 8b e2 39 a4 87 d2 27 38 21 ce 33 e6 80 51 ad a1 |..9...'8!.3..Q..|
00053c90 b4 8d 55 10 6b 3d fc b5 d6 c7 61 1b 10 bf 61 a9 |..U.k=....a...a.|
00053ca0 b1 2a 13 56 4a 48 f8 9b 20 fb 94 85 fe 79 75 63 |.*.VJH.. ....yuc|
00053cb0 2c b0 72 d0 74 8c 5e 45 8e 4f 27 47 fa 37 62 ce |,.r.t.^E.O'G.7b.|
00053cc0 ae 9d 18 f8 ef 2c 47 4b 92 01 4e 1e d5 b5 9a f0 |.....,GK..N.....|
00053cd0 d7 c0 47 f0 08 2c 5e d5 4a 12 24 7e 48 9a 9b 55 |..G..,^.J.$~H..U|
00053ce0 4e 93 a7 e4 ec 8b c1 f3 b8 c9 e1 98 c8 54 b2 0e |N............T..|
00053cf0 8b e0 47 e4 3c c8 ff 84 ac c2 b8 74 f7 24 10 41 |..G.<......t.$.A|
00053d00 6c 09 82 e1 a1 67 a2 7a 3b 95 0a 81 b7 67 9f 6d |l....g.z;....g.m|
00053d10 c5 9e 12 cf a2 16 b5 d6 f3 71 e8 e4 0e 0a 00 00 |.........q......|
00053d20 02 00 00 00 00 00 00 00 01 8e 7e 4d 6f 64 75 6c |..........~Modul|
00053d30 65 20 73 69 67 6e 61 74 75 72 65 20 61 70 70 65 |e signature appe|
00053d40 6e 64 65 64 7e 0a |nded~.|
00053d46
Reply to: