Bug 1972676 - Requirements for authenticating kernel modules with X.509
Summary: Requirements for authenticating kernel modules with X.509
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Special Resource Operator
Version: 4.8
Hardware: Unspecified
OS: Unspecified
unspecified
urgent
Target Milestone: ---
: 4.8.0
Assignee: Zvonko Kosic
QA Contact: Walid A.
URL:
Whiteboard:
Depends On: 1972678
Blocks: 1975479
TreeView+ depends on / blocked
 
Reported: 2021-06-16 11:53 UTC by Zvonko Kosic
Modified: 2021-07-27 23:13 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
: 1972678 (view as bug list)
Environment:
Last Closed: 2021-07-27 23:13:09 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift driver-toolkit pull 37 0 None open [release-4.8] Bug 1972676: Requirements for authenticating kernel modules with X.509 keys 2021-06-21 14:39:10 UTC
Red Hat Product Errata RHSA-2021:2438 0 None None None 2021-07-27 23:13:28 UTC

Description Zvonko Kosic 2021-06-16 11:53:30 UTC 
In RHEL 8, when a kernel module is loaded, the kernel checks the signature of the module against the public X.509 keys from the kernel system keyring (.builtin_trusted_keys) and the kernel platform keyring (.platform). The .platform keyring contains keys from third-party platform providers and custom public keys. The keys from the kernel system .blacklist keyring are excluded from verification.

Additional tools are: yum -y install openssl mokutil keyutils
Comment 4 errata-xmlrpc 2021-07-27 23:13:09 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.8.2 bug fix and security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:2438
Note You need to log in before you can comment on or make changes to this bug.