ubuntu@ubuntu-xenial:~$ sudo ./insert-sys-cert -s /boot/System.map-4.4.0-15-generic -z /boot/vmlinuz-4.4.0-15-generic -c cert.x509
...
INFO: Inserted the contents of cert.x509 into ffffffff82075ffa.
INFO: Used 1308 bytes out of 4096 bytes reserved.
INFO: Executing: gzip -n -f -9 <vmlinux-PquuG7 >vmlinux-0ZuoLz
ERROR: Increase in compressed size is not supported.
ERROR: Old size was 6952429, new size is 6956652
------- Comment From <email address hidden> 2016-03-23 10:29 EDT-------
Making comment from Mehmet Kayaalp external:
In the 4.4.0-15.31 kernel the reserved space is not filled with randomized bytes. The second step of the build seems to be skipped.
---quote--- insert- sys-cert -b vmlinux -c /dev/null
make vmlinux
scripts/
make bzImage
The 2nd step above changes the reserved memory to randomized.
---quote---
This results in a larger vmlinux when the key is inserted:
ubuntu@ ubuntu- xenial: ~$ uname -a
Linux ubuntu-xenial 4.4.0-15-generic #31-Ubuntu SMP Fri Mar 18 19:08:31 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
ubuntu@ ubuntu- xenial: ~$ sudo grep SYSTEM_EXTRA /boot/config- 4.4.0-15- generic SYSTEM_ EXTRA_CERTIFICA TE=y SYSTEM_ EXTRA_CERTIFICA TE_SIZE= 4096
CONFIG_
CONFIG_
ubuntu@ ubuntu- xenial: ~$ sudo ./insert-sys-cert -s /boot/System. map-4.4. 0-15-generic -z /boot/vmlinuz- 4.4.0-15- generic -c cert.x509
...
INFO: Inserted the contents of cert.x509 into ffffffff82075ffa.
INFO: Used 1308 bytes out of 4096 bytes reserved.
INFO: Executing: gzip -n -f -9 <vmlinux-PquuG7 >vmlinux-0ZuoLz
ERROR: Increase in compressed size is not supported.
ERROR: Old size was 6952429, new size is 6956652