Bug 433754 - padlock-sha makes kernel module signature verifications fail
Summary: padlock-sha makes kernel module signature verifications fail
Alias: None
Product: Fedora
Classification: Fedora
Component: kernel
Version: 8
Hardware: i386
OS: Linux
Target Milestone: ---
Assignee: Kernel Maintainer List
QA Contact: Fedora Extras Quality Assurance
Depends On:
TreeView+ depends on / blocked
Reported: 2008-02-21 09:44 UTC by Andreas Jaekel
Modified: 2008-02-23 03:50 UTC (History)
0 users

Clone Of:
Last Closed: 2008-02-23 03:50:05 UTC

Attachments (Terms of Use)

Description Andreas Jaekel 2008-02-21 09:44:19 UTC
Description of problem:

I have a VIA EPIA SN10000EG board which has a build in hardware cryptography
module that VIA calls Padlock.  It is supported by Linux via the padlock-aes and
padlock-sha modules.

Loading the padlock-sha module makes loading other modules later on fail with a
signature verification error.

Version-Release number of selected component (if applicable):

Freshly installed Fedora Core 8 with all updates applied via "yum update".

How reproducible:

Reproducing it might require the exact same model of motherboard - I suspect the
error might have show up earlier if it was a general problem with Padlock, and
the SN10000EG is fairly new.  See "Steps" below.

Steps to Reproduce:

[root@panther ~]# modprobe usb_storage
[root@panther ~]# dmesg | tail -1
USB Mass Storage support registered.
[root@panther ~]# rmmod usb_storage
[root@panther ~]# modprobe padlock-sha
[root@panther ~]# modprobe usb_storage
FATAL: Error inserting usb_storage
(/lib/modules/ Key
was rejected by service
[root@panther ~]# dmesg | tail -1
Module signature verification failed
[root@panther ~]# rmmod padlock-sha
[root@panther ~]# modprobe usb_storage
[root@panther ~]# dmesg | tail -1
usb-storage: device scan complete
[root@panther ~]#

Additional info:

I can run supplied test software on the mashine, or provide additional debugging
information.  I'm a developer, so I'm not scared of debuggers and compilers. 
Tell me what you need.

Comment 1 Andreas Jaekel 2008-02-21 09:48:38 UTC
I would like to add that the padlock-aes module works fine on the same computer.
 I have an encrypted filesystem that I can read and write with and without
padlock-aes.  The only notable difference is that using padlock-aes makes the
filesystem  I/O faster by a factor of five.  I take that to mean that the
Padlock engine is generally functional.

Comment 2 Chuck Ebbert 2008-02-22 04:36:34 UTC
This is a known problem and is "fixed" in Fedora 9 because the module signing
has been removed.

Comment 3 Chuck Ebbert 2008-02-23 03:50:05 UTC

Note You need to log in before you can comment on or make changes to this bug.