At least since 2020-08-09 RSA signing of kernel modules is broken in openSUSE:Factory:RISCV, producing bad signatures that cannot be verified against the included certificate: $ modsign-verify -v -v --cert-dir etc/uefi/certs sunrpc.ko Signature type: pkcs#7 Signed by: cn=openSUSE Secure Boot CA,serial=1 Hash algorithm: sha256 Trying etc/uefi/certs/188EA6FA.crt Found matching certificate etc/uefi/certs/188EA6FA.crt RSA operation error 140060768991040:error:0407008A:rsa routines:RSA_padding_check_PKCS1_type_1:invalid padding:crypto/rsa/rsa_pk1.c:67: 140060768991040:error:04067072:rsa routines:rsa_ossl_public_decrypt:padding check failed:crypto/rsa/rsa_ossl.c:648: sunrpc.ko: signature validation failed for etc/uefi/certs/188EA6FA.crt sunrpc.ko: bad signature IIUC the signature appears to be created with a private key that doesn't match the public key in etc/uefi/certs/188EA6FA.crt. Since the problem does not occur if the same kernel is built in a different project, there is no fundamental problem with signature creation or verification. The last working kernel was built on 2020-08-01 in o:F:RISCV (which verifies properly using the same certificate). I note that the certificate has a serial number of 1. Isn't that serial number supposed to be unique? Andreas. -- Andreas Schwab, SUSE Labs, schwab@suse.de GPG Key fingerprint = 0196 BAD8 1CE9 1970 F4BE 1748 E4D4 88E3 0EEA B9D7 "And now for something completely different." -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-buildservice+owner@opensuse.org