openSUSE Kernel November 2020

kernel@lists.opensuse.org

6 participants
5 discussions

[opensuse-kernel] kernel lockdown and signed modules

by Giacomo Comes

Hi, I recently needed to rebuild one kmp package to add some changes. I did that and I have been using it without trouble. However, when I try to load such module on a UEFI system with secure boon enabled I get: modprobe: ERROR: could not insert '<module>': Operation not permitted and dmesg shows: Lockdown: modprobe: unsigned module loading is restricted; see man kernel_lockdown.7 After some googling I found that I need to sign the module I build myself in order to make it load on a kernel with lockdown. I followed the instructions in: https://documentation.suse.com/sbp/all/html/SBP-KMP-Manual/index.html 8.2 Signing Module Object Files (UEFI Secure Boot) I created a key and certificate (8.2.1) I signed my KMP rpm (8.2.2) using modsign-repackage I installed the rpm: <name>-kmp-<flavor> together with <name>-ueficert then I imported the certificate installed by <name>-ueficert using mokutil mokutil --import /etc/uefi/certs/<file>.crt After reboot I enrolled the new certificate. Now the command: mokutil --list-enrolled shows two certificates: the 'openSUSE Secure Boot CA' and the one I have enrolled. However when I try to load my (now signed) kernel module I still get: Lockdown: modprobe: unsigned module loading is restricted; see man kernel_lockdown.7 (but the command modsign-verify <module> gives: good signature) Am I doing something wrong? Is the documentation I'm following outdated? Is there a bug somewhere? I don't think the problem is with the UEFI bios as I get the same results on real hardware and in qemu. Any help is appreciated. Thanks. Giacomo

1 year, 4 months

[opensuse-kernel] Kernel version checks in spec files

by Hans-Peter Jansen

HI, do we have a decent way to check for the kernel version for a kernel module build or some such? Thanks, Pete

1 year, 5 months

[opensuse-kernel] can dmesg CIFGS VIFS noise be prevented

by Felix Miata

I require access to OS/2 constantly. Can this noise be prevented from littering logs? [...] CIFS VFS: Use of the less secure dialect vers=1.0 is not recommended unless required for access to very old servers [...] CIFS VFS: Send error in QFSAttributeInfo = -95 -- Evolution as taught in public schools, like religion, is based on faith, not on science. Team OS/2 ** Reg. Linux User #211409 ** a11y rocks! Felix Miata *** http://fm.no-ip.com/

1 year, 5 months

[opensuse-kernel] Re: [opensuse-factory] Different development models of Tumbleweed and Leap

by Hans-Peter Jansen

Am Dienstag, 3. November 2020, 12:46:49 CET schrieb Stephan Kulow: > Am 03.11.20 um 09:42 schrieb Hans-Peter Jansen: > > Hi, > > > > yesterday, I found myself digging in the guts of a kernel 5.9.3 build, > > that > > succeeded with TW and failed with 15.2. This is the second time, a build > > failed due to stale symlink checking with Leaps (at least). > > > > Given, that all kernel related development is done on TW, this is rather > > unfortunate. Therefore, I kindly ask to enable the symlink checks, that > > are > > enforced with Leaps, for TW as well. > > > > While such issues aren't a big deal, they're a PITA nevertheless. > > This has nothing to do with a 'development model', kernel-default.spec sets > NO_BRP_STALE_LINK_ERROR=yes This doesn't explain build differences between Leap and TW, does it? Also, the first example is related to our kernel-firmware package, while the latter affected kernel-source. Cheers, Pete -- To unsubscribe, e-mail: opensuse-kernel+unsubscribe(a)opensuse.org To contact the owner, e-mail: opensuse-kernel+owner(a)opensuse.org

1 year, 6 months

[opensuse-kernel] Different development models of Tumbleweed and Leap

by Hans-Peter Jansen

Hi, yesterday, I found myself digging in the guts of a kernel 5.9.3 build, that succeeded with TW and failed with 15.2. This is the second time, a build failed due to stale symlink checking with Leaps (at least). Given, that all kernel related development is done on TW, this is rather unfortunate. Therefore, I kindly ask to enable the symlink checks, that are enforced with Leaps, for TW as well. While such issues aren't a big deal, they're a PITA nevertheless. Examples: https://lkml.org/lkml/2020/9/8/303 https://lkml.org/lkml/2020/11/2/1185 Cheers, Pete -- To unsubscribe, e-mail: opensuse-kernel+unsubscribe(a)opensuse.org To contact the owner, e-mail: opensuse-kernel+owner(a)opensuse.org

1 year, 6 months

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

openSUSE Kernel November 2020