LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software > Linux - Kernel
User Name
Password
Linux - Kernel This forum is for all discussion relating to the Linux kernel.

Notices


Reply
  Search this Thread
Old 12-04-2017, 10:17 PM   #1
manisha.jnu08
LQ Newbie
 
Registered: Dec 2017
Posts: 3

Rep: Reputation: Disabled
Error while loading a signed kernel module : Request for unknown module key : err -11


Hi,

I have created a key pair and enrolled the public key using the mokutil
Code:
 mokutil --import pubkey.der
I am using the key pair to sign a kernel module
Code:
 scripts/sign-file sha512 private.key pubkey.der mymodule.ko
Now I am loading this signed kernel module using modprobe
Code:
 modprobe mymodule
I am getting following error. Logs are captured from /car/log/messages
Code:
Dec  4 05:33:45 localhost kernel: Request for unknown module key 'Example, Inc. Kernel signing key: 4efdd0b379fda0f5e0693cd39a773b20000f853b' err -11
Dec  4 05:33:45 localhost kernel: Hello world 1.
I was expecting that the signed kernel module should be loaded without any error, as I have enrolled the public key to kernel.
Can anybody please explain the reason for this error and how to load the signed module with out any error?

Thanks.
 
Old 12-08-2017, 02:46 PM   #2
smallpond
Senior Member
 
Registered: Feb 2011
Location: Massachusetts, USA
Distribution: CentOS 6 & 7
Posts: 3,025

Rep: Reputation: 806Reputation: 806Reputation: 806Reputation: 806Reputation: 806Reputation: 806Reputation: 806
Are you using the same key that was used to sign the kernel?
 
Old 12-12-2017, 04:31 AM   #3
manisha.jnu08
LQ Newbie
 
Registered: Dec 2017
Posts: 3

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by smallpond View Post
Are you using the same key that was used to sign the kernel?
No, I have generated my own keypair using below command.

Code:
openssl req -x509 -new -utf8 -days 60 -batch -config ima.genkey -outform DER -out pubkey.der -keyout private.key
I didn't do anything related to singing the kernel. I just created a kernel loadable module and was using the generated keypair to sign it and load it using modprobe. I was using this bog as reference https://blog.delouw.ch/2017/04/18/si...signed-modules

Last edited by manisha.jnu08; 12-12-2017 at 04:38 AM.
 
Old 12-12-2017, 09:40 AM   #4
smallpond
Senior Member
 
Registered: Feb 2011
Location: Massachusetts, USA
Distribution: CentOS 6 & 7
Posts: 3,025

Rep: Reputation: 806Reputation: 806Reputation: 806Reputation: 806Reputation: 806Reputation: 806Reputation: 806
I have never trusted blog posts about the kernel when the kernel itself contains a large and accurate Documentation tree.

http://elixir.free-electrons.com/lin...ion/digsig.txt

The kernel document says that keys can be PEM or the internal keyring format and shows how to tell whether your key has been installed properly.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
boot error: request module runaway loop module binfmt -464c tournesol59 Ubuntu 4 11-26-2017 05:51 PM
"Unknown symbol __fentry__ (err 0)" - loading compiled module on compiled kernel 3.18 Jason_25 Linux - Kernel 1 12-25-2014 06:45 AM
i am writing a kernel driver when i try to insert a kernel module i am getting an err kernelminded Linux - Kernel 1 12-16-2012 12:37 PM
Kernel module problem - unknown symbol in module mlangdn Slackware 3 08-31-2010 12:10 AM
How Can I Force Removal of a Kernel Module (ERROR: Module usb_storage is in use) klearview Linux - Software 2 10-10-2008 10:20 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Software > Linux - Kernel

All times are GMT -5. The time now is 08:05 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration