config.txt (227.3 KB)
Kernel_build_logs.txt (18.6 KB)
Hi,
I’m building the JetPack 5.1.3 (L4T r35.5.0) kernel on Jetson AGX Xavier using the standard kernel sources from:
Linux_for_Tegra/source/public/kernel/kernel-5.10/
My kernel build fails with the following certificate-related error:
EXTRACT_CERTS certs/signing_key.pem
EXTRACT_CERTS certs/signing_key.x509
At main.c:161:
- SSL error:0909006C:PEM routines:get_name:no start line: ../crypto/pem/pem_lib.c:745
extract-cert: certs/signing_key.x509: Success
make[2]: *** certs/x509_certificate_list Error 1
make[1]: *** [Makefile:1864: certs] Error 2
make: *** [Makefile:220: __sub-make] Error 2
What I Already Checked
-
CONFIG_MODULE_SIGis enabled in kernel config. -
CONFIG_MODULE_SIG_KEY="certs/signing_key.pem"is present. -
The file
certs/signing_key.pemexists, but the extract-cert step fails.
When I open the PEM file, it looks like the key may be incomplete or corrupted:
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBK
So it seems the kernel build system is unable to extract the certificate and create certs/x509_certificate_list.
Questions for NVIDIA:
-
Why does the kernel build system generate an invalid signing_key.pem during the build?
-
Is signing_key.pem supposed to be autogenerated by the build, or should we manually generate a valid RSA key pair before building?
-
What is the correct procedure for kernel module signing on JetPack 5.1.3 (kernel 5.10) for systems that use secure boot / ODM fused?
-
Is there an official NVIDIA guide for regenerating the certs folder for kernel signing?
Environment
-
Jetson AGX Xavier
-
JetPack 5.1.3
-
L4T 35.5.0
-
Kernel 5.10 source from
Linux_for_Tegra -
Building on Ubuntu 20.04 x86_64 host
Any guidance on the correct way to fix the PEM certificate issue or regenerate the signing key for kernel build would be appreciated.
Thank you.