search

andikleen / simple-pt

Simple Intel CPU processor tracing on Linux
343 stars 77 forks source link

SSL error in installing kernel module #8

Closed sid7954 closed 7 years ago

sid7954 commented 7 years ago

When I try installing the kernel module using "sudo make modules_install", i get the following SSL error. I am not sure which kernel dependencies to install to get rid of this error.

make -C /lib/modules/uname -r/build M=pwd modules_install make[1]: Entering directory '/usr/src/linux-headers-4.4.0-36-generic' INSTALL /workspace/siddhant/simple-pt/simple-pt.ko At main.c:222: SSL error:02001002:system library:fopen:No such file or directory: bss_file.c:175 SSL error:2006D080:BIO routines:BIO_new_file:no such file: bss_file.c:178 sign-file: certs/signing_key.pem: No such file or directory INSTALL /workspace/siddhant/simple-pt/test-ftrace.ko At main.c:222: SSL error:02001002:system library:fopen:No such file or directory: bss_file.c:175 SSL error:2006D080:BIO routines:BIO_new_file:no such file: bss_file.c:178 sign-file: certs/signing_key.pem: No such file or directory DEPMOD 4.4.0-36-generic make[1]: Leaving directory '/usr/src/linux-headers-4.4.0-36-generic'

andikleen commented 7 years ago

Looks like certificates are missing. I don't know the package name.

On Tue, May 09, 2017 at 08:59:40AM -0700, sid7954 wrote:

When I try installing the kernel module using "sudo make modules_install", i get the following SSL error. I am not sure which kernel dependencies to install to get rid of this error.

make -C /lib/modules/uname -r/build M=pwd modules_install make[1]: Entering directory '/usr/src/linux-headers-4.4.0-36-generic' INSTALL /workspace/siddhant/simple-pt/simple-pt.ko At main.c:222:

• SSL error:02001002:system library:fopen:No such file or directory: bss_file.c:175 • SSL error:2006D080:BIO routines:BIO_new_file:no such file: bss_file.c:178 sign-file: certs/signing_key.pem: No such file or directory DEPMOD 4.4.0-36-generic make[1]: Leaving directory '/usr/src/linux-headers-4.4.0-36-generic'

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub, or mute the thread.*

bastoica commented 7 years ago

Hi Andi,

Thanks for replying. We thought so, but couldn't figure out the right package...

We also suspect it has to do with the current kernel version. Which kernel are you using? We're on 4.4.0-36-generic .

Thanks, -Bogdan.

andikleen commented 7 years ago

Try installing ca-certificates

sid7954 commented 7 years ago

In Ubuntu 16.04.2, the kernel module needs to be validated by a public-private key pair. Another way to go about this is to disable Secure Boot from UEFI console settings. This error did not arise in previous kernel versions. More can be read from https://github.com/free5lot/hid-apple-patched/issues/23#issuecomment-221154710

andikleen commented 7 years ago

I don't think secure build will affect the build process. It may affect your ability to load the module later.

sid7954 commented 7 years ago

Yes, secure build does not affecting the build, but the SSL errors I am getting are not fatal and the build proceeds nonetheless. Validating the kernel module helps me to load it successfully.

bastoica commented 7 years ago

Basically, since Ubuntu kernel 4.4.0.20 the EFI_SECURE_BOOT_SIG_ENFORCE kernel configuration is enabled which prevents loading unsigned third party kernel modules when UEFI Secure Boot is turned on. There are 3 options to get around this (as explained in the link above):

  1. Option 1 (secure): sign the module using a public/private key pair (see this reference);
  2. Option 2 (less secure): disable module signature verification via sudo mokutil --disable-validation and a reboot (ignore "Failed to request" errors);
  3. Option 3 (even less secure): turn off secure boot altogether

-Bogdan.

HSYAndone commented 5 years ago

基本上,由于Ubuntu内核4.4.0.20启用了EFI_SECURE_BOOT_SIG_ENFORCE内核配置,这可防止在打开UEFI安全启动时加载未签名的第三方内核模块。有3个选项可以解决这个问题(如上面的链接所述):

  1. 选项1(安全):使用公钥/私钥对对模块进行签名(参见参考);
  2. 选项2(安全性较低):通过sudo mokutil --disable-validation重启禁用模块签名验证(忽略“请求失败”错误);
  3. 选项3(更不安全):完全关闭安全启动

-Bogdan。

Why did I do what you said but failed?

HSYAndone commented 5 years ago

Basically, since Ubuntu kernel 4.4.0.20 the EFI_SECURE_BOOT_SIG_ENFORCE kernel configuration is enabled which prevents loading unsigned third party kernel modules when UEFI Secure Boot is turned on. There are 3 options to get around this (as explained in the link above):

  1. Option 1 (secure): sign the module using a public/private key pair (see this reference);
  2. Option 2 (less secure): disable module signature verification via sudo mokutil --disable-validation and a reboot (ignore "Failed to request" errors);
  3. Option 3 (even less secure): turn off secure boot altogether

-Bogdan.

I have turned off the secure boot but still can not 'make modules_install ' successfully

jiqianxu commented 4 years ago

Basically, since Ubuntu kernel 4.4.0.20 the EFI_SECURE_BOOT_SIG_ENFORCE kernel configuration is enabled which prevents loading unsigned third party kernel modules when UEFI Secure Boot is turned on. There are 3 options to get around this (as explained in the link above):

  1. Option 1 (secure): sign the module using a public/private key pair (see this reference);
  2. Option 2 (less secure): disable module signature verification via sudo mokutil --disable-validation and a reboot (ignore "Failed to request" errors);
  3. Option 3 (even less secure): turn off secure boot altogether

-Bogdan.

I have turned off the secure boot but still can not 'make modules_install ' successfully

hi,do you resolve this problem now?

poseidon-j commented 4 years ago

i have issue Check old driver and unload it. rmmod r8168 Build the module and install At main.c:160:

moose09876 commented 4 years ago

@poseidon-j - I'm seeing the same error. Did you get this resolved? Guessing you're trying to install the 8152 driver?

strugglehonor commented 3 years ago

@poseidon-j @moose09876 I have the same error,too. Anything updated?

alexpop commented 3 years ago

You are missing a signing key to sign the module: sign-file: certs/signing_key.pem: No such file or directory

Create the key like this:

cd /lib/modules/$(uname -r)/build/certs

sudo tee x509.genkey > /dev/null << 'EOF'
[ req ]
default_bits = 4096
distinguished_name = req_distinguished_name
prompt = no
string_mask = utf8only
x509_extensions = myexts
[ req_distinguished_name ]
CN = Modules
[ myexts ]
basicConstraints=critical,CA:FALSE
keyUsage=digitalSignature
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid
EOF

sudo openssl req -new -nodes -utf8 -sha512 -days 36500 -batch -x509 -config x509.genkey -outform DER -out signing_key.x509 -keyout signing_key.pem
sunshinerxu commented 3 years ago

You are missing a signing key to sign the module: sign-file: certs/signing_key.pem: No such file or directory

Create the key like this:

cd /lib/modules/$(uname -r)/build/certs

sudo tee x509.genkey > /dev/null << 'EOF'
[ req ]
default_bits = 4096
distinguished_name = req_distinguished_name
prompt = no
string_mask = utf8only
x509_extensions = myexts
[ req_distinguished_name ]
CN = Modules
[ myexts ]
basicConstraints=critical,CA:FALSE
keyUsage=digitalSignature
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid
EOF

sudo openssl req -new -nodes -utf8 -sha512 -days 36500 -batch -x509 -config x509.genkey -outform DER -out signing_key.x509 -keyout signing_key.pem

Solved by this mean.

li-kiao commented 2 years ago

Solved by this mean. thanks,I sloved it by this mean in openEuler22.03LTS.