Actually, it'd appear that this is a red herring; it looks like,
to me, that only the two compiled-in certificates do anything at all,
and the ones loaded from DB don't participate?
I've set up different certificate chain, and configured it much more
similarly to the Debian CA, just to see. It
If anyone has a faintest idea so as to what the problem may be, please help;
the only vaguely-related config change is
INTEGRITY_MACHINE_KEYRING going from unset to y,
but that shouldn't(! not that it doesn't, the code is an enigma to me,
but as i understand it and as i read the kconfig, it
Control: found -1 6.1.20-1
Updated to linux-image-6.1.0-7-amd64 (6.1.20-1);
still happens.
наб
Mar 25 01:38:54 babtop kernel: microcode: microcode updated early to revision
0xf4, date = 2022-07-31
Mar 25 01:38:54 babtop kernel: Linux version 6.1.0-7-amd64
(debian-ker...@lists.debian.org)
Turns out Debian .config includes dyndbg, so I tried booting with
dyndbg="+pfm; module iommu =_; module acpi =_" log_buf_len=4M
and got A Result.
In both cases I broke as in the initrd (too late, it seems),
echo MARK > /dev/kmsg
modprobe zfs
echo MARK > /dev/kmsg
Naturally, by
but the kernel says it doesn't have a matching signature.
I meant
but the kernel says it doesn't have a matching certificate.
In both the 6.1 and 6.0 dmesg I see, for /cert/:
[0.737895] Loading compiled-in X.509 certificates
[0.751773] Loaded X.509 cert 'Debian Secure
5 matches
Mail list logo