Bug 1290333 - EFI: Problem loading in-kernel X.509 certificate (-34) / (-74)
EFI: Problem loading in-kernel X.509 certificate (-34) / (-74)
Status: CLOSED NEXTRELEASE
Product: Fedora
Classification: Fedora
Component: kernel (Show other bugs)
24
x86_64 Linux
unspecified Severity medium
: ---
: ---
Assigned To: Kernel Maintainer List
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2015-12-10 04:16 EST by teppot
Modified: 2017-04-21 01:41 EDT (History)
9 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-10-26 12:58:56 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
db variable (3.97 KB, application/octet-stream)
2015-12-11 10:01 EST, teppot
no flags Details
First X.509 cert extracted (1.46 KB, application/octet-stream)
2015-12-11 10:12 EST, David Howells
no flags Details
Second X.509 cert extracted (1.52 KB, application/octet-stream)
2015-12-11 10:13 EST, David Howells
no flags Details
Third X.509 cert extracted (870 bytes, application/octet-stream)
2015-12-11 10:13 EST, David Howells
no flags Details
dbx variable (1.16 KB, application/octet-stream)
2015-12-11 10:20 EST, teppot
no flags Details
First X.509 cert extracted from DBX (1.11 KB, application/octet-stream)
2015-12-11 12:13 EST, David Howells
no flags Details

  None (edit)
Description teppot 2015-12-10 04:16:19 EST
With Secure Boot enabled, I get this:

[    0.504328] Loaded X.509 cert 'Fedora kernel signing key: 4695b0c57273084447bac07e5df135964f60e7e1'
[    0.504481] EFI: Loaded cert 'Microsoft Windows Production PCA 2011: a92902398e16c49778cd90f99e4f9ae17c55af53' linked to '.system_keyring'
[    0.504494] EFI: Loaded cert 'Microsoft Corporation UEFI CA 2011: 13adbf4309bd82709c8cd54f316ed522988a1bd4' linked to '.system_keyring'
[    0.504814] EFI: Problem loading in-kernel X.509 certificate (-34)
[    0.505217] EFI: Loaded cert 'Fedora Secure Boot CA: fde32599c2d61db1bf5807335d7b20e4cd963b42' linked to '.system_keyring'
[    0.505295] EFI: Problem loading in-kernel X.509 certificate (-74)

I'm using a Samsung ATIV Book 9 NP900X3G laptop and the 4.2.6-301.fc23.x86_64 kernel.
Comment 1 Josh Boyer 2015-12-10 08:14:50 EST
Does it happen with other kernels as well?
Comment 2 teppot 2015-12-10 08:42:45 EST
(In reply to Josh Boyer from comment #1)
> Does it happen with other kernels as well?
Yes, I noticed this already on Fedora 22 but didn't remember to report it then.
Comment 3 Josh Boyer 2015-12-10 08:58:56 EST
-34 is 'bad range' and -74 is 'bad message'.  You seem to have certificates in your firmware that the in-kernel X.509 parser doesn't like.  Can you provide the output of 'hexdump -C /sys/firmware/efi/efivars/db-*' please?
Comment 4 Josh Boyer 2015-12-10 08:59:30 EST
Also, these messages shouldn't really impact you in any way.  They are mostly informative.
Comment 5 David Howells 2015-12-10 09:58:44 EST
The -34 (-ERANGE) line suggests that RSA_I2OSP() found that the hash size didn't match the signature size.

The -74 (-EBADMSG) line could be from any one of a host of checks.

Without seeing the certificate it's hard to say, though.
Comment 6 teppot 2015-12-10 11:19:28 EST
$ hexdump -C /sys/firmware/efi/efivars/db-*
00000000  27 00 00 00 a1 59 c0 a5  e4 94 a7 4a 87 b5 ab 15  |'....Y.....J....|
00000010  5c 2b f0 72 07 06 00 00  00 00 00 00 eb 05 00 00  |\+.r............|
00000020  bd 9a fa 77 59 03 32 4d  bd 60 28 f4 e7 8f 78 4b  |...wY.2M.`(...xK|
00000030  30 82 05 d7 30 82 03 bf  a0 03 02 01 02 02 0a 61  |0...0..........a|
00000040  07 76 56 00 00 00 00 00  08 30 0d 06 09 2a 86 48  |.vV......0...*.H|
00000050  86 f7 0d 01 01 0b 05 00  30 81 88 31 0b 30 09 06  |........0..1.0..|
00000060  03 55 04 06 13 02 55 53  31 13 30 11 06 03 55 04  |.U....US1.0...U.|
00000070  08 13 0a 57 61 73 68 69  6e 67 74 6f 6e 31 10 30  |...Washington1.0|
00000080  0e 06 03 55 04 07 13 07  52 65 64 6d 6f 6e 64 31  |...U....Redmond1|
00000090  1e 30 1c 06 03 55 04 0a  13 15 4d 69 63 72 6f 73  |.0...U....Micros|
000000a0  6f 66 74 20 43 6f 72 70  6f 72 61 74 69 6f 6e 31  |oft Corporation1|
000000b0  32 30 30 06 03 55 04 03  13 29 4d 69 63 72 6f 73  |200..U...)Micros|
000000c0  6f 66 74 20 52 6f 6f 74  20 43 65 72 74 69 66 69  |oft Root Certifi|
000000d0  63 61 74 65 20 41 75 74  68 6f 72 69 74 79 20 32  |cate Authority 2|
000000e0  30 31 30 30 1e 17 0d 31  31 31 30 31 39 31 38 34  |0100...111019184|
000000f0  31 34 32 5a 17 0d 32 36  31 30 31 39 31 38 35 31  |142Z..2610191851|
00000100  34 32 5a 30 81 84 31 0b  30 09 06 03 55 04 06 13  |42Z0..1.0...U...|
00000110  02 55 53 31 13 30 11 06  03 55 04 08 13 0a 57 61  |.US1.0...U....Wa|
00000120  73 68 69 6e 67 74 6f 6e  31 10 30 0e 06 03 55 04  |shington1.0...U.|
00000130  07 13 07 52 65 64 6d 6f  6e 64 31 1e 30 1c 06 03  |...Redmond1.0...|
00000140  55 04 0a 13 15 4d 69 63  72 6f 73 6f 66 74 20 43  |U....Microsoft C|
00000150  6f 72 70 6f 72 61 74 69  6f 6e 31 2e 30 2c 06 03  |orporation1.0,..|
00000160  55 04 03 13 25 4d 69 63  72 6f 73 6f 66 74 20 57  |U...%Microsoft W|
00000170  69 6e 64 6f 77 73 20 50  72 6f 64 75 63 74 69 6f  |indows Productio|
00000180  6e 20 50 43 41 20 32 30  31 31 30 82 01 22 30 0d  |n PCA 20110.."0.|
00000190  06 09 2a 86 48 86 f7 0d  01 01 01 05 00 03 82 01  |..*.H...........|
000001a0  0f 00 30 82 01 0a 02 82  01 01 00 dd 0c bb a2 e4  |..0.............|
000001b0  2e 09 e3 e7 c5 f7 96 69  bc 00 21 bd 69 33 33 ef  |.......i..!.i33.|
000001c0  ad 04 cb 54 80 ee 06 83  bb c5 20 84 d9 f7 d2 8b  |...T...... .....|
000001d0  f3 38 b0 ab a4 ad 2d 7c  62 79 05 ff e3 4a 3f 04  |.8....-|by...J?.|
000001e0  35 20 70 e3 c4 e7 6b e0  9c c0 36 75 e9 8a 31 dd  |5 p...k...6u..1.|
000001f0  8d 70 e5 dc 37 b5 74 46  96 28 5b 87 60 23 2c bf  |.p..7.tF.([.`#,.|
00000200  dc 47 a5 67 f7 51 27 9e  72 eb 07 a6 c9 b9 1e 3b  |.G.g.Q'.r......;|
00000210  53 35 7c e5 d3 ec 27 b9  87 1c fe b9 c9 23 09 6f  |S5|...'......#.o|
00000220  a8 46 91 c1 6e 96 3c 41  d3 cb a3 3f 5d 02 6a 4d  |.F..n.<A...?].jM|
00000230  ec 69 1f 25 28 5c 36 ff  fd 43 15 0a 94 e0 19 b4  |.i.%(\6..C......|
00000240  cf df c2 12 e2 c2 5b 27  ee 27 78 30 8b 5b 2a 09  |......['.'x0.[*.|
00000250  6b 22 89 53 60 16 2c c0  68 1d 53 ba ec 49 f3 9d  |k".S`.,.h.S..I..|
00000260  61 8c 85 68 09 73 44 5d  7d a2 54 2b dd 79 f7 15  |a..h.sD]}.T+.y..|
00000270  cf 35 5d 6c 1c 2b 5c ce  bc 9c 23 8b 6f 6e b5 26  |.5]l.+\...#.on.&|
00000280  d9 36 13 c3 4f d6 27 ae  b9 32 3b 41 92 2c e1 c7  |.6..O.'..2;A.,..|
00000290  cd 77 e8 aa 54 4e f7 5c  0b 04 87 65 b4 43 18 a8  |.w..TN.\...e.C..|
000002a0  b2 e0 6d 19 77 ec 5a 24  fa 48 03 02 03 01 00 01  |..m.w.Z$.H......|
000002b0  a3 82 01 43 30 82 01 3f  30 10 06 09 2b 06 01 04  |...C0..?0...+...|
000002c0  01 82 37 15 01 04 03 02  01 00 30 1d 06 03 55 1d  |..7.......0...U.|
000002d0  0e 04 16 04 14 a9 29 02  39 8e 16 c4 97 78 cd 90  |......).9....x..|
000002e0  f9 9e 4f 9a e1 7c 55 af  53 30 19 06 09 2b 06 01  |..O..|U.S0...+..|
000002f0  04 01 82 37 14 02 04 0c  1e 0a 00 53 00 75 00 62  |...7.......S.u.b|
00000300  00 43 00 41 30 0b 06 03  55 1d 0f 04 04 03 02 01  |.C.A0...U.......|
00000310  86 30 0f 06 03 55 1d 13  01 01 ff 04 05 30 03 01  |.0...U.......0..|
00000320  01 ff 30 1f 06 03 55 1d  23 04 18 30 16 80 14 d5  |..0...U.#..0....|
00000330  f6 56 cb 8f e8 a2 5c 62  68 d1 3d 94 90 5b d7 ce  |.V....\bh.=..[..|
00000340  9a 18 c4 30 56 06 03 55  1d 1f 04 4f 30 4d 30 4b  |...0V..U...O0M0K|
00000350  a0 49 a0 47 86 45 68 74  74 70 3a 2f 2f 63 72 6c  |.I.G.Ehttp://crl|
00000360  2e 6d 69 63 72 6f 73 6f  66 74 2e 63 6f 6d 2f 70  |.microsoft.com/p|
00000370  6b 69 2f 63 72 6c 2f 70  72 6f 64 75 63 74 73 2f  |ki/crl/products/|
00000380  4d 69 63 52 6f 6f 43 65  72 41 75 74 5f 32 30 31  |MicRooCerAut_201|
00000390  30 2d 30 36 2d 32 33 2e  63 72 6c 30 5a 06 08 2b  |0-06-23.crl0Z..+|
000003a0  06 01 05 05 07 01 01 04  4e 30 4c 30 4a 06 08 2b  |........N0L0J..+|
000003b0  06 01 05 05 07 30 02 86  3e 68 74 74 70 3a 2f 2f  |.....0..>http://|
000003c0  77 77 77 2e 6d 69 63 72  6f 73 6f 66 74 2e 63 6f  |www.microsoft.co|
000003d0  6d 2f 70 6b 69 2f 63 65  72 74 73 2f 4d 69 63 52  |m/pki/certs/MicR|
000003e0  6f 6f 43 65 72 41 75 74  5f 32 30 31 30 2d 30 36  |ooCerAut_2010-06|
000003f0  2d 32 33 2e 63 72 74 30  0d 06 09 2a 86 48 86 f7  |-23.crt0...*.H..|
00000400  0d 01 01 0b 05 00 03 82  02 01 00 14 fc 7c 71 51  |.............|qQ|
00000410  a5 79 c2 6e b2 ef 39 3e  bc 3c 52 0f 6e 2b 3f 10  |.y.n..9>.<R.n+?.|
00000420  13 73 fe a8 68 d0 48 a6  34 4d 8a 96 05 26 ee 31  |.s..h.H.4M...&.1|
00000430  46 90 61 79 d6 ff 38 2e  45 6b f4 c0 e5 28 b8 da  |F.ay..8.Ek...(..|
00000440  1d 8f 8a db 09 d7 1a c7  4c 0a 36 66 6a 8c ec 1b  |........L.6fj...|
00000450  d7 04 90 a8 18 17 a4 9b  b9 e2 40 32 36 76 c4 c1  |..........@26v..|
00000460  5a c6 bf e4 04 c0 ea 16  d3 ac c3 68 ef 62 ac dd  |Z..........h.b..|
00000470  54 6c 50 30 58 a6 eb 7c  fe 94 a7 4e 8e f4 ec 7c  |TlP0X..|...N...||
00000480  86 73 57 c2 52 21 73 34  5a f3 a3 8a 56 c8 04 da  |.sW.R!s4Z...V...|
00000490  07 09 ed f8 8b e3 ce f4  7e 8e ae f0 f6 0b 8a 08  |........~.......|
000004a0  fb 3f c9 1d 72 7f 53 b8  eb be 63 e0 e3 3d 31 65  |.?..r.S...c..=1e|
000004b0  b0 81 e5 f2 ac cd 16 a4  9f 3d a8 b1 9b c2 42 d0  |.........=....B.|
000004c0  90 84 5f 54 1d ff 89 ea  ba 1d 47 90 6f b0 73 4e  |.._T......G.o.sN|
000004d0  41 9f 40 9f 5f e5 a1 2a  b2 11 91 73 8a 21 28 f0  |A.@._..*...s.!(.|
000004e0  ce de 73 39 5f 3e ab 5c  60 ec df 03 10 a8 d3 09  |..s9_>.\`.......|
000004f0  e9 f4 f6 96 85 b6 7f 51  88 66 47 19 8d a2 b0 12  |.......Q.fG.....|
00000500  3d 81 2a 68 05 77 bb 91  4c 62 7b b6 c1 07 c7 ba  |=.*h.w..Lb{.....|
00000510  7a 87 34 03 0e 4b 62 7a  99 e9 ca fc ce 4a 37 c9  |z.4..Kbz.....J7.|
00000520  2d a4 57 7c 1c fe 3d dc  b8 0f 5a fa d6 c4 b3 02  |-.W|..=...Z.....|
00000530  85 02 3a ea b3 d9 6e e4  69 21 37 de 81 d1 f6 75  |..:...n.i!7....u|
00000540  19 05 67 d3 93 57 5e 29  1b 39 c8 ee 2d e1 cd e4  |..g..W^).9..-...|
00000550  45 73 5b d0 d2 ce 7a ab  16 19 82 46 58 d0 5e 9d  |Es[...z....FX.^.|
00000560  81 b3 67 af 6c 35 f2 bc  e5 3f 24 e2 35 a2 0a 75  |..g.l5...?$.5..u|
00000570  06 f6 18 56 99 d4 78 2c  d1 05 1b eb d0 88 01 9d  |...V..x,........|
00000580  aa 10 f1 05 df ba 7e 2c  63 b7 06 9b 23 21 c4 f9  |......~,c...#!..|
00000590  78 6c e2 58 17 06 36 2b  91 12 03 cc a4 d9 f2 2d  |xl.X..6+.......-|
000005a0  ba f9 94 9d 40 ed 18 45  f1 ce 8a 5c 6b 3e ab 03  |....@..E...\k>..|
000005b0  d3 70 18 2a 0a 6a e0 5f  47 d1 d5 63 0a 32 f2 af  |.p.*.j._G..c.2..|
000005c0  d7 36 1f 2a 70 5a e5 42  59 08 71 4b 57 ba 7e 83  |.6.*pZ.BY.qKW.~.|
000005d0  81 f0 21 3c f4 1c c1 c5  b9 90 93 0e 88 45 93 86  |..!<.........E..|
000005e0  e9 b1 20 99 be 98 cb c5  95 a4 5d 62 d6 a0 63 08  |.. .......]b..c.|
000005f0  20 bd 75 10 77 7d 3d f3  45 b9 9f 97 9f cb 57 80  | .u.w}=.E.....W.|
00000600  6f 33 a9 04 cf 77 a4 62  1c 59 7e a1 59 c0 a5 e4  |o3...w.b.Y~.Y...|
00000610  94 a7 4a 87 b5 ab 15 5c  2b f0 72 40 06 00 00 00  |..J....\+.r@....|
00000620  00 00 00 24 06 00 00 bd  9a fa 77 59 03 32 4d bd  |...$......wY.2M.|
00000630  60 28 f4 e7 8f 78 4b 30  82 06 10 30 82 03 f8 a0  |`(...xK0...0....|
00000640  03 02 01 02 02 0a 61 08  d3 c4 00 00 00 00 00 04  |......a.........|
00000650  30 0d 06 09 2a 86 48 86  f7 0d 01 01 0b 05 00 30  |0...*.H........0|
00000660  81 91 31 0b 30 09 06 03  55 04 06 13 02 55 53 31  |..1.0...U....US1|
00000670  13 30 11 06 03 55 04 08  13 0a 57 61 73 68 69 6e  |.0...U....Washin|
00000680  67 74 6f 6e 31 10 30 0e  06 03 55 04 07 13 07 52  |gton1.0...U....R|
00000690  65 64 6d 6f 6e 64 31 1e  30 1c 06 03 55 04 0a 13  |edmond1.0...U...|
000006a0  15 4d 69 63 72 6f 73 6f  66 74 20 43 6f 72 70 6f  |.Microsoft Corpo|
000006b0  72 61 74 69 6f 6e 31 3b  30 39 06 03 55 04 03 13  |ration1;09..U...|
000006c0  32 4d 69 63 72 6f 73 6f  66 74 20 43 6f 72 70 6f  |2Microsoft Corpo|
000006d0  72 61 74 69 6f 6e 20 54  68 69 72 64 20 50 61 72  |ration Third Par|
000006e0  74 79 20 4d 61 72 6b 65  74 70 6c 61 63 65 20 52  |ty Marketplace R|
000006f0  6f 6f 74 30 1e 17 0d 31  31 30 36 32 37 32 31 32  |oot0...110627212|
00000700  32 34 35 5a 17 0d 32 36  30 36 32 37 32 31 33 32  |245Z..2606272132|
00000710  34 35 5a 30 81 81 31 0b  30 09 06 03 55 04 06 13  |45Z0..1.0...U...|
00000720  02 55 53 31 13 30 11 06  03 55 04 08 13 0a 57 61  |.US1.0...U....Wa|
00000730  73 68 69 6e 67 74 6f 6e  31 10 30 0e 06 03 55 04  |shington1.0...U.|
00000740  07 13 07 52 65 64 6d 6f  6e 64 31 1e 30 1c 06 03  |...Redmond1.0...|
00000750  55 04 0a 13 15 4d 69 63  72 6f 73 6f 66 74 20 43  |U....Microsoft C|
00000760  6f 72 70 6f 72 61 74 69  6f 6e 31 2b 30 29 06 03  |orporation1+0)..|
00000770  55 04 03 13 22 4d 69 63  72 6f 73 6f 66 74 20 43  |U..."Microsoft C|
00000780  6f 72 70 6f 72 61 74 69  6f 6e 20 55 45 46 49 20  |orporation UEFI |
00000790  43 41 20 32 30 31 31 30  82 01 22 30 0d 06 09 2a  |CA 20110.."0...*|
000007a0  86 48 86 f7 0d 01 01 01  05 00 03 82 01 0f 00 30  |.H.............0|
000007b0  82 01 0a 02 82 01 01 00  a5 08 6c 4c c7 45 09 6a  |..........lL.E.j|
000007c0  4b 0c a4 c0 87 7f 06 75  0c 43 01 54 64 e0 16 7f  |K......u.C.Td...|
000007d0  07 ed 92 7d 0b b2 73 bf  0c 0a c6 4a 45 61 a0 c5  |...}..s....JEa..|
000007e0  16 2d 96 d3 f5 2b a0 fb  4d 49 9b 41 80 90 3c b9  |.-...+..MI.A..<.|
000007f0  54 fd e6 bc d1 9d c4 a4  18 8a 7f 41 8a 5c 59 83  |T..........A.\Y.|
00000800  68 32 bb 8c 47 c9 ee 71  bc 21 4f 9a 8a 7c ff 44  |h2..G..q.!O..|.D|
00000810  3f 8d 8f 32 b2 26 48 ae  75 b5 ee c9 4c 1e 4a 19  |?..2.&H.u...L.J.|
00000820  7e e4 82 9a 1d 78 77 4d  0c b0 bd f6 0f d3 16 d3  |~....xwM........|
00000830  bc fa 2b a5 51 38 5d f5  fb ba db 78 02 db ff ec  |..+.Q8]....x....|
00000840  0a 1b 96 d5 83 b8 19 13  e9 b6 c0 7b 40 7b e1 1f  |...........{@{..|
00000850  28 27 c9 fa ef 56 5e 1c  e6 7e 94 7e c0 f0 44 b2  |('...V^..~.~..D.|
00000860  79 39 e5 da b2 62 8b 4d  bf 38 70 e2 68 24 14 c9  |y9...b.M.8p.h$..|
00000870  33 a4 08 37 d5 58 69 5e  d3 7c ed c1 04 53 08 e7  |3..7.Xi^.|...S..|
00000880  4e b0 2a 87 63 08 61 6f  63 15 59 ea b2 2b 79 d7  |N.*.c.aoc.Y..+y.|
00000890  0c 61 67 8a 5b fd 5e ad  87 7f ba 86 67 4f 71 58  |.ag.[.^.....gOqX|
000008a0  12 22 04 22 22 ce 8b ef  54 71 00 ce 50 35 58 76  |.".""...Tq..P5Xv|
000008b0  95 08 ee 6a b1 a2 01 d5  02 03 01 00 01 a3 82 01  |...j............|
000008c0  76 30 82 01 72 30 12 06  09 2b 06 01 04 01 82 37  |v0..r0...+.....7|
000008d0  15 01 04 05 02 03 01 00  01 30 23 06 09 2b 06 01  |.........0#..+..|
000008e0  04 01 82 37 15 02 04 16  04 14 f8 c1 6b b7 7f 77  |...7........k..w|
000008f0  53 4a f3 25 37 1d 4e a1  26 7b 0f 20 70 80 30 1d  |SJ.%7.N.&{. p.0.|
00000900  06 03 55 1d 0e 04 16 04  14 13 ad bf 43 09 bd 82  |..U.........C...|
00000910  70 9c 8c d5 4f 31 6e d5  22 98 8a 1b d4 30 19 06  |p...O1n."....0..|
00000920  09 2b 06 01 04 01 82 37  14 02 04 0c 1e 0a 00 53  |.+.....7.......S|
00000930  00 75 00 62 00 43 00 41  30 0b 06 03 55 1d 0f 04  |.u.b.C.A0...U...|
00000940  04 03 02 01 86 30 0f 06  03 55 1d 13 01 01 ff 04  |.....0...U......|
00000950  05 30 03 01 01 ff 30 1f  06 03 55 1d 23 04 18 30  |.0....0...U.#..0|
00000960  16 80 14 45 66 52 43 e1  7e 58 11 bf d6 4e 9e 23  |...EfRC.~X...N.#|
00000970  55 08 3b 3a 22 6a a8 30  5c 06 03 55 1d 1f 04 55  |U.;:"j.0\..U...U|
00000980  30 53 30 51 a0 4f a0 4d  86 4b 68 74 74 70 3a 2f  |0S0Q.O.M.Khttp:/|
00000990  2f 63 72 6c 2e 6d 69 63  72 6f 73 6f 66 74 2e 63  |/crl.microsoft.c|
000009a0  6f 6d 2f 70 6b 69 2f 63  72 6c 2f 70 72 6f 64 75  |om/pki/crl/produ|
000009b0  63 74 73 2f 4d 69 63 43  6f 72 54 68 69 50 61 72  |cts/MicCorThiPar|
000009c0  4d 61 72 52 6f 6f 5f 32  30 31 30 2d 31 30 2d 30  |MarRoo_2010-10-0|
000009d0  35 2e 63 72 6c 30 60 06  08 2b 06 01 05 05 07 01  |5.crl0`..+......|
000009e0  01 04 54 30 52 30 50 06  08 2b 06 01 05 05 07 30  |..T0R0P..+.....0|
000009f0  02 86 44 68 74 74 70 3a  2f 2f 77 77 77 2e 6d 69  |..Dhttp://www.mi|
00000a00  63 72 6f 73 6f 66 74 2e  63 6f 6d 2f 70 6b 69 2f  |crosoft.com/pki/|
00000a10  63 65 72 74 73 2f 4d 69  63 43 6f 72 54 68 69 50  |certs/MicCorThiP|
00000a20  61 72 4d 61 72 52 6f 6f  5f 32 30 31 30 2d 31 30  |arMarRoo_2010-10|
00000a30  2d 30 35 2e 63 72 74 30  0d 06 09 2a 86 48 86 f7  |-05.crt0...*.H..|
00000a40  0d 01 01 0b 05 00 03 82  02 01 00 35 08 42 ff 30  |...........5.B.0|
00000a50  cc ce f7 76 0c ad 10 68  58 35 29 46 32 76 27 7c  |...v...hX5)F2v'||
00000a60  ef 12 41 27 42 1b 4a aa  6d 81 38 48 59 13 55 f3  |..A'B.J.m.8HY.U.|
00000a70  e9 58 34 a6 16 0b 82 aa  5d ad 82 da 80 83 41 06  |.X4.....].....A.|
00000a80  8f b4 1d f2 03 b9 f3 1a  5d 1b f1 50 90 f9 b3 55  |........]..P...U|
00000a90  84 42 28 1c 20 bd b2 ae  51 14 c5 c0 ac 97 95 21  |.B(. ...Q......!|
00000aa0  1c 90 db 0f fc 77 9e 95  73 91 88 ca bd bd 52 b9  |.....w..s.....R.|
00000ab0  05 50 0d df 57 9e a0 61  ed 0d e5 6d 25 d9 40 0f  |.P..W..a...m%.@.|
00000ac0  17 40 c8 ce a3 4a c2 4d  af 9a 12 1d 08 54 8f bd  |.@...J.M.....T..|
00000ad0  c7 bc b9 2b 3d 49 2b 1f  32 fc 6a 21 69 4f 9b c8  |...+=I+.2.j!iO..|
00000ae0  7e 42 34 fc 36 06 17 8b  8f 20 40 c0 b3 9a 25 75  |~B4.6.... @...%u|
00000af0  27 cd c9 03 a3 f6 5d d1  e7 36 54 7a b9 50 b5 d3  |'.....]..6Tz.P..|
00000b00  12 d1 07 bf bb 74 df dc  1e 8f 80 d5 ed 18 f4 2f  |.....t........./|
00000b10  14 16 6b 2f de 66 8c b0  23 e5 c7 84 d8 ed ea c1  |..k/.f..#.......|
00000b20  33 82 ad 56 4b 18 2d f1  68 95 07 cd cf f0 72 f0  |3..VK.-.h.....r.|
00000b30  ae bb dd 86 85 98 2c 21  4c 33 2b f0 0f 4a f0 68  |......,!L3+..J.h|
00000b40  87 b5 92 55 32 75 a1 6a  82 6a 3c a3 25 11 a4 ed  |...U2u.j.j<.%...|
00000b50  ad d7 04 ae cb d8 40 59  a0 84 d1 95 4c 62 91 22  |......@Y....Lb."|
00000b60  1a 74 1d 8c 3d 47 0e 44  a6 e4 b0 9b 34 35 b1 fa  |.t..=G.D....45..|
00000b70  b6 53 a8 2c 81 ec a4 05  71 c8 9d b8 ba e8 1b 44  |.S.,....q......D|
00000b80  66 e4 47 54 0e 8e 56 7f  b3 9f 16 98 b2 86 d0 68  |f.GT..V........h|
00000b90  3e 90 23 b5 2f 5e 8f 50  85 8d c6 8d 82 5f 41 a1  |>.#./^.P....._A.|
00000ba0  f4 2e 0d e0 99 d2 6c 75  e4 b6 69 b5 21 86 fa 07  |......lu..i.!...|
00000bb0  d1 f6 e2 4d d1 da ad 2c  77 53 1e 25 32 37 c7 6c  |...M...,wS.%27.l|
00000bc0  52 72 95 86 b0 f1 35 61  6a 19 f5 b2 3b 81 50 56  |Rr....5aj...;.PV|
00000bd0  a6 32 2d fe a2 89 f9 42  86 27 18 55 a1 82 ca 5a  |.2-....B.'.U...Z|
00000be0  9b f8 30 98 54 14 a6 47  96 25 2f c8 26 e4 41 94  |..0.T..G.%/.&.A.|
00000bf0  1a 5c 02 3f e5 96 e3 85  5b 3c 3e 3f bb 47 16 72  |.\.?....[<>?.G.r|
00000c00  55 e2 25 22 b1 d9 7b e7  03 06 2a a3 f7 1e 90 46  |U.%"..{...*....F|
00000c10  c3 00 0d d6 19 89 e3 0e  35 27 62 03 71 15 a6 ef  |........5'b.q...|
00000c20  d0 27 a0 a0 59 37 60 f8  38 94 b8 e0 78 70 f8 ba  |.'..Y7`.8...xp..|
00000c30  4c 86 87 94 f6 e0 ae 02  45 ee 65 c2 b6 a3 7e 69  |L.......E.e...~i|
00000c40  16 75 07 92 9b f5 a6 bc  59 83 58 a1 59 c0 a5 e4  |.u......Y.X.Y...|
00000c50  94 a7 4a 87 b5 ab 15 5c  2b f0 72 92 03 00 00 00  |..J....\+.r.....|
00000c60  00 00 00 76 03 00 00 fd  2a 94 7f 75 bb c8 40 80  |...v....*..u..@.|
00000c70  81 db e5 85 e3 27 d3 30  82 03 62 30 82 02 4a a0  |.....'.0..b0..J.|
00000c80  03 02 01 02 02 10 3d 5b  b4 9f 5d 3b 7b 97 41 b5  |......=[..];{.A.|
00000c90  cf 19 e3 a8 2c ed 30 0d  06 09 2a 86 48 86 f7 0d  |....,.0...*.H...|
00000ca0  01 01 0b 05 00 30 37 31  35 30 33 06 03 55 04 03  |.....071503..U..|
00000cb0  1e 2c 00 53 00 45 00 43  00 5f 00 50 00 52 00 4f  |.,.S.E.C._.P.R.O|
00000cc0  00 44 00 55 00 43 00 54  00 49 00 4f 00 4e 00 5f  |.D.U.C.T.I.O.N._|
00000cd0  00 4b 00 65 00 6b 00 52  00 6f 00 6f 00 74 30 1e  |.K.e.k.R.o.o.t0.|
00000ce0  17 0d 31 32 30 37 30 35  31 30 31 39 33 39 5a 17  |..120705101939Z.|
00000cf0  0d 32 32 30 37 30 35 31  30 31 39 33 38 5a 30 37  |.220705101938Z07|
00000d00  31 35 30 33 06 03 55 04  03 1e 2c 00 53 00 45 00  |1503..U...,.S.E.|
00000d10  43 00 5f 00 50 00 52 00  4f 00 44 00 55 00 43 00  |C._.P.R.O.D.U.C.|
00000d20  54 00 49 00 4f 00 4e 00  5f 00 4b 00 65 00 79 00  |T.I.O.N._.K.e.y.|
00000d30  55 00 45 00 46 00 49 30  82 01 22 30 0d 06 09 2a  |U.E.F.I0.."0...*|
00000d40  86 48 86 f7 0d 01 01 01  05 00 03 82 01 0f 00 30  |.H.............0|
00000d50  82 01 0a 02 82 01 01 00  9c be b4 ee d6 72 5b 59  |.............r[Y|
00000d60  d4 ef e9 28 15 c6 3a a7  5d 4c 77 61 a2 7e fd e9  |...(..:.]Lwa.~..|
00000d70  5b 0b 41 fa 24 d0 c2 d5  41 c0 a1 39 7e 92 44 a6  |[.A.$...A..9~.D.|
00000d80  23 ae f8 b7 42 28 cd 31  6f f6 92 b3 0d 68 b0 10  |#...B(.1o....h..|
00000d90  a0 ef c6 dc a3 80 ac 5d  ca 44 d8 68 ba 41 a9 2e  |.......].D.h.A..|
00000da0  db 14 49 6b 69 0e a7 26  05 d9 fc e6 92 7c 17 7b  |..Iki..&.....|.{|
00000db0  eb 6c 7a 2d 8c 10 d6 bf  0c 74 c2 a3 18 f7 2e f0  |.lz-.....t......|
00000dc0  38 e3 8e dd 45 ce d2 79  f4 87 5d 5f b9 20 37 f5  |8...E..y..]_. 7.|
00000dd0  a1 56 e8 a4 97 33 52 dd  36 a8 29 9d 4f 3f 50 a9  |.V...3R.6.).O?P.|
00000de0  f2 45 ee f5 f7 d2 09 aa  d9 76 fa 27 49 42 8e 73  |.E.......v.'IB.s|
00000df0  70 d3 47 a2 32 8c 6a 99  7f 59 70 6d e1 b3 2d a0  |p.G.2.j..Ypm..-.|
00000e00  4c a6 e0 f0 b9 1f 9c f7  19 d9 4c 55 37 56 b1 93  |L.........LU7V..|
00000e10  c5 f4 1b 91 eb c7 74 66  b8 84 53 9d 4a e3 7f 7f  |......tf..S.J...|
00000e20  75 4c 02 b0 25 de c6 7f  e2 c9 7e ee f7 c4 57 65  |uL..%.....~...We|
00000e30  b8 55 c7 fe f4 9c b3 da  60 50 78 ce 17 bb 61 45  |.U......`Px...aE|
00000e40  52 c1 65 2f 17 00 4f 0f  db 60 78 88 e2 09 54 07  |R.e/..O..`x...T.|
00000e50  ea 7d be 6a 86 98 f5 65  02 03 01 00 01 a3 6a 30  |.}.j...e......j0|
00000e60  68 30 66 06 03 55 1d 01  04 5f 30 5d 80 10 0f a5  |h0f..U..._0]....|
00000e70  7d 3a 0b b3 d1 5a d1 71  35 18 11 db c1 ba a1 37  |}:...Z.q5......7|
00000e80  30 35 31 33 30 31 06 03  55 04 03 1e 2a 00 53 00  |051301..U...*.S.|
00000e90  45 00 43 00 5f 00 50 00  52 00 4f 00 44 00 55 00  |E.C._.P.R.O.D.U.|
00000ea0  43 00 54 00 49 00 4f 00  4e 00 5f 00 50 00 6b 00  |C.T.I.O.N._.P.k.|
00000eb0  52 00 6f 00 6f 00 74 82  10 1c e9 f1 af 12 13 33  |R.o.o.t........3|
00000ec0  8a 47 1e 9d 7a 4f 20 6d  0f 30 0d 06 09 2a 86 48  |.G..zO m.0...*.H|
00000ed0  86 f7 0d 01 01 0b 05 00  03 82 01 01 00 24 44 ba  |.............$D.|
00000ee0  2e 79 9f 7f c8 a5 a8 66  45 3c dd 09 62 7b 23 a9  |.y.....fE<..b{#.|
00000ef0  f0 3b 07 79 73 c5 35 f6  98 21 2c aa c7 d3 23 81  |.;.ys.5..!,...#.|
00000f00  7c b4 1e 2e 9d 7f 12 2f  ed 54 66 d5 60 89 0f 67  ||....../.Tf.`..g|
00000f10  17 a8 03 79 bd 5d d7 e9  f8 4c ae 91 92 f7 15 dd  |...y.]...L......|
00000f20  c8 1c 2a 69 4b c4 a4 2a  6e cb 98 4e a7 37 cf 00  |..*iK..*n..N.7..|
00000f30  a3 13 78 0b 94 00 87 a7  be af b5 0f 17 0d d2 0e  |..x.............|
00000f40  dd ca 58 2c 71 cb 0c 7a  76 78 a7 b4 a5 5b fd cb  |..X,q..zvx...[..|
00000f50  eb a7 56 83 24 41 45 f0  9c a7 d8 00 4d 4e 24 08  |..V.$AE.....MN$.|
00000f60  df 4a c1 81 35 65 42 ef  13 51 05 5b 85 0d 94 08  |.J..5eB..Q.[....|
00000f70  b7 89 c6 bb ea d2 e0 8e  36 24 f1 f0 14 ec d0 7c  |........6$.....||
00000f80  bc 90 82 5a 2d d1 09 59  32 9f 9f 11 62 10 cf ff  |...Z-..Y2...b...|
00000f90  d9 3a c9 ec 91 cd 26 a3  57 ff ca f7 23 4f 6a e1  |.:....&.W...#Oj.|
00000fa0  06 da 0f 7c 3d 05 27 dc  c2 2e 38 27 0f 9a 4c 35  |...|=.'...8'..L5|
00000fb0  ba 3a 75 d3 02 d4 6d 35  56 aa 41 97 e4 c2 e7 a8  |.:u...m5V.A.....|
00000fc0  b7 08 e2 59 57 90 ce 42  78 a3 6c 50 9e e9 dd 10  |...YW..Bx.lP....|
00000fd0  29 bb fe a0 0e f2 21 3e  eb d0 dc 06 de           |).....!>.....|
00000fdd
Comment 7 Josh Boyer 2015-12-11 09:42:46 EST
My apologies.  I should have requested that you simply cat the db variable into a file and attach it to the bug.  Could you please do so?
Comment 8 teppot 2015-12-11 10:01 EST
Created attachment 1104720 [details]
db variable
Comment 9 David Howells 2015-12-11 10:12 EST
Created attachment 1104724 [details]
First X.509 cert extracted
Comment 10 David Howells 2015-12-11 10:13 EST
Created attachment 1104725 [details]
Second X.509 cert extracted
Comment 11 David Howells 2015-12-11 10:13 EST
Created attachment 1104726 [details]
Third X.509 cert extracted
Comment 12 Josh Boyer 2015-12-11 10:17:50 EST
If you have a dbx variable in the same directory, could you also provide that?
Comment 13 teppot 2015-12-11 10:20 EST
Created attachment 1104728 [details]
dbx variable
Comment 14 David Howells 2015-12-11 12:13 EST
Created attachment 1104749 [details]
First X.509 cert extracted from DBX
Comment 15 David Howells 2015-12-11 12:32:19 EST
keys-3.der fails to load with -ERANGE and keys-4.der fails to load with -EBADMSG.

The problem is the same in both cases: the X.509 validation code in the kernel assumes that because neither cert have an AKID the cert must be self-signed, despite the Issuer differing from the Subject.  To fix this, we should only check a self-signature if the Issuer name matches the Subject name.  If they don't, we should assume that the cert is not self-signed.
Comment 16 Josh Boyer 2016-01-13 10:19:43 EST
Did patches get posted to address this?  I thought I recalled seeing some, but I cannot find them now.
Comment 17 teppot 2016-06-24 02:40:54 EDT
Still happens with Fedora 24.
Comment 18 Laura Abbott 2016-09-23 15:20:51 EDT
*********** MASS BUG UPDATE **************
 
We apologize for the inconvenience.  There is a large number of bugs to go through and several of them have gone stale.  Due to this, we are doing a mass bug update across all of the Fedora 24 kernel bugs.
 
Fedora 24 has now been rebased to 4.7.4-200.fc24.  Please test this kernel update (or newer) and let us know if you issue has been resolved or if it is still present with the newer kernel.
 
If you have moved on to Fedora 25, and are still experiencing this issue, please change the version to Fedora 25.
 
If you experience different issues, please open a new bug report for those.
Comment 19 Laura Abbott 2016-10-26 12:58:56 EDT
*********** MASS BUG UPDATE **************
This bug is being closed with INSUFFICIENT_DATA as there has not been a response in 4 weeks. If you are still experiencing this issue, please reopen and attach the relevant data from the latest kernel you are running and any data that might have been requested previously.
Comment 20 teppot 2017-04-21 01:41:31 EDT
Doesn't happen on Fedora 26 any more.

Note You need to log in before you can comment on or make changes to this bug.