|Summary:||padlock-sha makes kernel module signature verifications fail|
|Product:||[Fedora] Fedora||Reporter:||Andreas Jaekel <jaekel>|
|Component:||kernel||Assignee:||Kernel Maintainer List <kernel-maint>|
|Status:||CLOSED NEXTRELEASE||QA Contact:||Fedora Extras Quality Assurance <extras-qa>|
|Fixed In Version:||Doc Type:||Bug Fix|
|Doc Text:||Story Points:||---|
|Last Closed:||2008-02-23 03:50:05 UTC||Type:||---|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
Description Andreas Jaekel 2008-02-21 09:44:19 UTC
Description of problem: I have a VIA EPIA SN10000EG board which has a build in hardware cryptography module that VIA calls Padlock. It is supported by Linux via the padlock-aes and padlock-sha modules. Loading the padlock-sha module makes loading other modules later on fail with a signature verification error. Version-Release number of selected component (if applicable): Freshly installed Fedora Core 8 with all updates applied via "yum update". How reproducible: Reproducing it might require the exact same model of motherboard - I suspect the error might have show up earlier if it was a general problem with Padlock, and the SN10000EG is fairly new. See "Steps" below. Steps to Reproduce: [root@panther ~]# modprobe usb_storage [root@panther ~]# dmesg | tail -1 USB Mass Storage support registered. [root@panther ~]# rmmod usb_storage [root@panther ~]# modprobe padlock-sha [root@panther ~]# modprobe usb_storage FATAL: Error inserting usb_storage (/lib/modules/18.104.22.168-137.fc8/kernel/drivers/usb/storage/usb-storage.ko): Key was rejected by service [root@panther ~]# dmesg | tail -1 Module signature verification failed [root@panther ~]# rmmod padlock-sha [root@panther ~]# modprobe usb_storage [root@panther ~]# dmesg | tail -1 usb-storage: device scan complete [root@panther ~]# Additional info: I can run supplied test software on the mashine, or provide additional debugging information. I'm a developer, so I'm not scared of debuggers and compilers. Tell me what you need.
Comment 1 Andreas Jaekel 2008-02-21 09:48:38 UTC
I would like to add that the padlock-aes module works fine on the same computer. I have an encrypted filesystem that I can read and write with and without padlock-aes. The only notable difference is that using padlock-aes makes the filesystem I/O faster by a factor of five. I take that to mean that the Padlock engine is generally functional.
Comment 2 Chuck Ebbert 2008-02-22 04:36:34 UTC
This is a known problem and is "fixed" in Fedora 9 because the module signing has been removed.
Comment 3 Chuck Ebbert 2008-02-23 03:50:05 UTC
Closing as NEXTRELEASE.