home  bbs  files  messages ]

      ZZLI4424             linux.debian.kernel             1332 messages      

[ previous | next | reply ]

[ list messages | list forums ]

  Msg # 213 of 1332 on ZZLI4424, Thursday 9-10-25, 1:10  
  From: CLIFF KILBY  
  To: OWNER@BUGS.DEBIAN.ORG  
  Subj: Bug#1114737: Acknowledgement (linux-imag  
 XPost: linux.debian.bugs.dist 
 From: cliffjkilby@gmail.com 
  
 I went out on a ledge and tried to rebuild the kernel with the single 
 change proposed. 
 # uname -a 
 Linux debian 6.12.43 #2 SMP PREEMPT_DYNAMIC Tue Sep  9 09:24:23 EDT 2025 
 x86_64 GNU/Linux 
 # grep TRUSTED /boot/config-6.12.43 
 CONFIG_TRUSTED_KEYS=m 
 # dmesg | grep 'Linux version' 
 [    0.000000] Linux version 6.12.43 (buildlocal@debian) (gcc (Debian 
 14.2.0-19) 14.2.0, GNU ld (GNU Binutils for Debian) 2.44) #2 SMP 
 PREEMPT_DYNAMIC Tue Sep  9 09:24:23 EDT 2025 
 #modinfo trusted 
 filename: 
 /lib/modules/6.12.43/kernel/security/keys/trusted-keys/trusted.ko.xz 
 license:        GPL 
 # lsmod | grep trusted 
 trusted                45056  1 dm_crypt 
 asn1_encoder           12288  1 trusted 
 tee                    49152  1 trusted 
 # keyctl add trusted kmk "new 32" @u 
 add_key: Invalid argument 
  
 Ooops. It appears that even with the module, the instruction is wrong. But, 
 at least "trusted" is a type now. So, I can do this. 
  
 # keyctl add trusted kmk-trusted "new 32 keyhandle=0x81000001" @u 
 964692806 
 # keyctl describe  964692806 
 964692806: alswrv-----v------------     0     0 trusted: kmk-trusted 
  
 I do not believe that building a local kernel is a long term fix for a 
 security feature that should be available by default. I would still ask 
 that you enable the module build of this module. 
  
  
 On Mon, Sep 8, 2025 at 11:19€€€PM Debian Bug Tracking System < 
 owner@bugs.debian.org> wrote: 
  
 > Thank you for filing a new Bug report with Debian. 
 > 
 > You can follow progress on this Bug here: 1114737: 
 > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1114737. 
 > 
 > This is an automatically generated reply to let you know your message 
 > has been received. 
 > 
 > Your message is being forwarded to the package maintainers and other 
 > interested parties for their attention; they will reply in due course. 
 > 
 > As you requested using X-Debbugs-CC, your message was also forwarded to 
 >   cliffjkilby@gmail.com 
 > (after having been given a Bug report number, if it did not have one). 
 > 
 > Your message has been sent to the package maintainer(s): 
 >  debian-kernel@lists.debian.org 
 > 
 > If you wish to submit further information on this problem, please 
 > send it to 1114737@bugs.debian.org. 
 > 
 > Please do not send mail to owner@bugs.debian.org unless you wish 
 > to report a problem with the Bug-tracking system. 
 > 
 > -- 
 > 1114737: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1114737 
 > Debian Bug Tracking System 
 > Contact owner@bugs.debian.org with problems 
 > 
  
 
I went out on a ledge and tried to rebuild the kernel 
 with 
 the single change proposed. 
# uname -a
Linux debian 6.12. 
 43 
 #2 SMP PREEMPT_DYNAMIC Tue Sep €€9 09:24:23 EDT 2025 x86_64 GNU/ 
 inux
# grep TRUSTED / 
 boot/config-6.12.43
CONFIG_TRUSTED_KEYS=m
# dmesg | grep 
 'Linux version'
[ €€ €€0.000000] Linux version 6.12.43 
 (buildlocal@debian) (gcc (Debian 14.2.0-19) 14.2.0, GNU ld (GNU Binutils for 
 Debian) 2.44) #2 SMP PREEMPT_DYNAMIC Tue 
 Sep €€9 09:24:23 EDT 2025
#modinfo trusted
filename: €€ €€ €€ 
 /lib/modules/6.12.43/kernel/security/keys/trusted-keys/trusted.k 
 .xz
license: €€ €€ €€ €€GPL
# lsmod | grep trusted
trusted 
 €€ 
 €€ €€ €€ €€ €€ €€ €€45056 €€1 dm_ 
 crypt
asn1_encoder €€ €€ €€ €€ €€ 12288 €€1 trusted
tee €€ €€ €€ €€ €€ 
 €€ €€ €€ €€ €€49152 €€1 trusted
# keyctl add trusted kmk "new 
 32" @u
add_key: Invalid argument

Ooops. It 
 appears that even with 
 the module, the instruction is wrong. But, at least "trusted" is a 
 type now. So, I can do this.

# keyctl add trusted 
 kmk-trusted "new 32 keyhandle=0x81000001" @u
964692 
 06
# keyctl describe €€ 
 964692806
964692806: alswrv-----v------------ €€ €€ 0 €€ €€ 0 trusted: 
 kmk-trusted

I do not believe that building a local 
 kernel is a long term fix for a security feature that should be available by 
 default. I would still ask 
 that you enable the module build of this module.
< 
 r>

On Mon, Sep 8, 2025 at 11:19€€€PM Debian Bug Tracking System 
 <owner@bugs.debian.org> wrote:
Thank you for filing a new Bug report 
 with 
 Debian.
 
 
 
 You can follow progress on this Bug here: 1114737: https://bugs.debian.org/cgi-bin/bugreport.cgi?bu 
 =1114737.
 
 
 
 This is an automatically generated reply to let you know your message
 
  
 [continued in next message] 
  
 --- SoupGate-Win32 v1.05 
  * Origin: you cannot sedate... all the things you hate (1:229/2) 

[ list messages | list forums | previous | next | reply ]

search for:

328,110 visits
(c) 1994,  bbs@darkrealms.ca