Bug 433754 - padlock-sha makes kernel module signature verifications fail
Summary: padlock-sha makes kernel module signature verifications fail
Status: CLOSED NEXTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: kernel (Show other bugs)
(Show other bugs)
Version: 8
Hardware: i386 Linux
low
low
Target Milestone: ---
Assignee: Kernel Maintainer List
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2008-02-21 09:44 UTC by Andreas Jaekel
Modified: 2008-02-23 03:50 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-02-23 03:50:05 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description Andreas Jaekel 2008-02-21 09:44:19 UTC
Description of problem:

I have a VIA EPIA SN10000EG board which has a build in hardware cryptography
module that VIA calls Padlock.  It is supported by Linux via the padlock-aes and
padlock-sha modules.

Loading the padlock-sha module makes loading other modules later on fail with a
signature verification error.


Version-Release number of selected component (if applicable):

Freshly installed Fedora Core 8 with all updates applied via "yum update".


How reproducible:

Reproducing it might require the exact same model of motherboard - I suspect the
error might have show up earlier if it was a general problem with Padlock, and
the SN10000EG is fairly new.  See "Steps" below.


Steps to Reproduce:

[root@panther ~]# modprobe usb_storage
[root@panther ~]# dmesg | tail -1
USB Mass Storage support registered.
[root@panther ~]# rmmod usb_storage
[root@panther ~]# modprobe padlock-sha
[root@panther ~]# modprobe usb_storage
FATAL: Error inserting usb_storage
(/lib/modules/2.6.23.15-137.fc8/kernel/drivers/usb/storage/usb-storage.ko): Key
was rejected by service
[root@panther ~]# dmesg | tail -1
Module signature verification failed
[root@panther ~]# rmmod padlock-sha
[root@panther ~]# modprobe usb_storage
[root@panther ~]# dmesg | tail -1
usb-storage: device scan complete
[root@panther ~]#

  
Additional info:

I can run supplied test software on the mashine, or provide additional debugging
information.  I'm a developer, so I'm not scared of debuggers and compilers. 
Tell me what you need.

Comment 1 Andreas Jaekel 2008-02-21 09:48:38 UTC
I would like to add that the padlock-aes module works fine on the same computer.
 I have an encrypted filesystem that I can read and write with and without
padlock-aes.  The only notable difference is that using padlock-aes makes the
filesystem  I/O faster by a factor of five.  I take that to mean that the
Padlock engine is generally functional.


Comment 2 Chuck Ebbert 2008-02-22 04:36:34 UTC
This is a known problem and is "fixed" in Fedora 9 because the module signing
has been removed.

Comment 3 Chuck Ebbert 2008-02-23 03:50:05 UTC
Closing as NEXTRELEASE.


Note You need to log in before you can comment on or make changes to this bug.