On Mon, Mar 10, 2025 at 12:51:35PM +0200, Raul Tambre wrote:
> Starting with 6.13.6-1~exp1 the following error is logged during boot:
>
> Mar 10 12:11:53 laptop kernel: Loading compiled-in X.509 certificates
> Mar 10 12:11:53 laptop kernel: Problem loading in-kernel X.509 certificate
> (-2)
>
> I imagine this is likely caused by commit
> ca3d0e60f548ed18c360fa87c5a2966606862b05 ("Store build time signing key
> encrypted").
Yeah. And the immediate reason:
| -Signature Algorithm: sha256WithRSAEncryption
| +Signature Algorithm: ecdsa-with-SHA256
The old kernel tried to configure with ecdsa, but failed, due to some
conflicts in the config, falling back to rsa.
And missing support for ecdsa, but for some reason built-in suport for
rsa.
| root@boot1:/usr/lib/debug/boot# grep CONFIG_CRYPTO_RSA /boot/config-6.1*
| /boot/config-6.12.17-cloud-amd64:CONFIG_CRYPTO_RSA=y
| /boot/config-6.13-cloud-amd64:CONFIG_CRYPTO_RSA=y
| root@boot1:/usr/lib/debug/boot# grep CONFIG_CRYPTO_ECDS /boot/config-6.1*
| /boot/config-6.12.17-cloud-amd64:# CONFIG_CRYPTO_ECDSA is not set
| /boot/config-6.13-cloud-amd64:# CONFIG_CRYPTO_ECDSA is not set
Bastian
--
Knowledge, sir, should be free to all!
-- Harry Mudd, "I, Mudd", stardate 4513.3
