peak-linux-driver-8.15.2 pcan: module verification failed: signature and/or required key missing - tainting kernel

[usermuser486]

Hello

After switching to a newer Ubuntu image (Ubuntu 18.04.6 LTS), our linux software is no longer able to connect to the CAN BUS. It worked fine before the switch. With the new linux we get "illegal AF_CAN address" errors. However, all adresses have been verified as correct and we can even connect to the CANBUS from a windows laptop with a standalone application.

Thus we suspect the source of the problem to be in the linux upgrade. Our next step was to try to install the latest drivers (peak-linux-driver-8.15.2) as a module in the kernel. I have never installed a module on a linux system and tried to follow the instructions in the PDF manual at https://www.peak-system.com/fileadmin/m ... story.html

make clean, make, and sudo make install were all successful, however, the module doesn't seem to load on its own after reboot. udev is running, it's just standard Ubuntu. So we loaded it manually with sudo modprobe pcan, and now get the following system log messages:

user@system:~/Desktop$ dmesg | grep pcan
[ 978.074485] pcan: loading out-of-tree module taints kernel.
[ 978.074792] pcan: module verification failed: signature and/or required key missing - tainting kernel
[ 978.076453] pcan: Release_20220929_n (le)
[ 978.076456] pcan: driver config [mod] [isa] [pci] [pec] [usb]
[ 978.076625] usbcore: registered new interface driver pcan
[ 978.076638] pcan: major 238.

Should I somehow sign the module? Is that what's preventing the manually installed driver from loading? Or is there any easier way for me to get the latest driver on this Ubuntu machine?

Alternatively, is there any way to debug the original "illegal AF_CAN address" error?

Thankful for any pointers in the right direction!

[S.Grosjean]

Hi,

If DKMS is installed on your Linux system, then you could use "make dkms-install" instead of "make install" to install the driver, so that the module will be signed by DKMS instead, and you won't have to deal with.

Code: Select all

$ cd peak-linux-driver-8.15.2/driver
$ make clean all
$ sudo make dkms-install

While running Ubuntu, and if you don't want to use DKMS, you should also be able to sign the module by yourself, doing this:

Code: Select all

$ grep CONFIG_MODULE_SIG_HASH /boot/config-`uname -r`
CONFIG_MODULE_SIG_HASH="sha512"

Then use the displayed signature hash method (here, "sha512") in the below command line:

Code: Select all

$ cd peak-linux-driver-8.15.2/driver
$ make clean all
$ sudo kmodsign sha512 /var/lib/shim-signed/mok/MOK.priv /var/lib/shim-signed/mok/MOK.der pcan.ko 
$ sudo make install

About the "illegal AF_CAN address" message, it seems that it's libsocket-can-java error related, therefore you should tell us a bit more about your application configuration... If you really run above a socket-can interface, then you'll have to build the driver with "make netdev" instead of "make" (see the documentation):

Code: Select all

$ cd peak-linux-driver-8.15.2/driver
$ make clean netdev

Regards,

[usermuser486]

Hi

Wow! Thank you very much, you've given me several promising and well-explained ways to try resolving this.

Will report here as soon as we have it working agian.

Thank you!

[usermuser486]

Just a follow up in case anyone else runs into this problem, it ended up being a problem in libsocket-can-java and is not related to any software from Peak-System. We thank Peak-System for the excellent support, even though the problem was from somewhere else.

For anyone else dealing with the "illegal AF_CAN address" issue of libsocket-can-java on the newer linux OS versions, we made the following delta on our local copy of https://github.com/entropia/libsocket-c ... socket.cpp (and it seems to be working so far):
- if (len != sizeof(addr)) {
+ if (len > sizeof(addr)) {

Some background info:
"If the actual length of the address is greater than the length of the supplied sockaddr structure, the stored address shall be truncated."
- https://pubs.opengroup.org/onlinepubs/0 ... vfrom.html