Comments (23)
Hi @AndySchroder - can you please post the full installation instructions that worked for you? I too am having issues installing. I got past the self signing step by generating signing keys. But then I get this error on the insmod step:
insmod: ERROR: could not insert module ./net/can/can-isotp.ko: Operation not permitted
Not sure if that was related to what you experienced. Thanks.
I solved this on Alpine Linux v3.12 on a Raspberry Pi 4 (Linux localhost 5.4.82-0-rpi4 #1-Alpine SMP PREEMPT Thu Dec 10 09:39:45 UTC 2020 aarch64 Linux
) by doing:
apk add linux-rpi4-dev make g++ git
git clone https://github.com/hartkopp/can-isotp.git
cd can-isotp
make -C /usr/src/linux-headers-5.4.84-0-rpi4 M=$(pwd) modules
modprobe can
insmod net/can/can-isotp.ko
For Raspberry Pi Zero/Zero W: (armhf
/ Linux localhost 5.4.82-0-rpi #1-Alpine Thu Dec 10 08:59:43 UTC 2020 armv6l Linux
):
apk add linux-rpi-dev make g++ git
git clone https://github.com/hartkopp/can-isotp.git
cd can-isotp
make -C /usr/src/linux-headers-5.4.84-0-rpi M=$(pwd) modules
modprobe can
insmod net/can/can-isotp.ko
from can-isotp.
The final solution is to install a Linux 5.10+ kernel on your box which has can-isotp on board ;-)
from can-isotp.
Are you sure?
make modules_install
automatically runs depmod
and I can find
extra/net/can/can-isotp.ko: kernel/net/can/can.ko
at the end of /lib/modules/5.6.0-rc1/modules.dep
from can-isotp.
What can I do to uninstall and re-test? I'm not sure how to uninstall.
from can-isotp.
I would just remove extra/net/can/can-isotp.ko
, run depmod
again and then grep for 'isotp' in modules.dep if is really removed.
But I don't know if this is the 'right way'(TM) :-)
from can-isotp.
Hi @AndySchroder - can you please post the full installation instructions that worked for you? I too am having issues installing. I got past the self signing step by generating signing keys. But then I get this error on the insmod step:
insmod: ERROR: could not insert module ./net/can/can-isotp.ko: Operation not permitted
Not sure if that was related to what you experienced. Thanks.
from can-isotp.
Operation not permitted
-> you need to be root (admin user) ; alternatively use sudo insmod ...
from can-isotp.
@hartkopp Yes, I ran that command with sudo. Same result
Edit: I am using Ubuntu 18.04
from can-isotp.
Can you check with dmesg
what the kernel log tells you about the failure?
This is often more detailed then just Operation not permitted
:-)
from can-isotp.
I just did a fresh install of Ubuntu 18.04.4 on a new computer. It still required me to run sudo depmod -a
after installing in order for it to work. Here is the output of sudo make modules_install
$ sudo make modules_install
make -C /lib/modules/5.3.0-40-generic/build M=/home/xxxx/Desktop/yyy/installers/can-isotp modules_install
make[1]: Entering directory '/usr/src/linux-headers-5.3.0-40-generic'
INSTALL /home/xxxx/Desktop/yyy/installers/can-isotp/net/can/can-isotp.ko
DEPMOD 5.3.0-40-generic
Warning: modules_install: missing 'System.map' file. Skipping depmod.
make[1]: Leaving directory '/usr/src/linux-headers-5.3.0-40-generic'
$
I don't remember if it had Warning: modules_install: missing 'System.map' file. Skipping depmod.
last time. It looks like my issue is related to #15 .
After running sudo make modules_install
, but before running sudo depmod -a
, python-can-isotp
gives me
OSError: [Errno 93] Protocol not supported
I didn't try running isotprecv
this time, but on the other computer, neither worked until I ran sudo depmod -a
.
P.S. This time I just copied the kernel signing keys over from the other computer, so they were totally setup before I did anything with make
and can-isotp
.
from can-isotp.
Did modprobe can-isotp
return without errors?
from can-isotp.
I recently upgraded an existing system to Ubuntu 18.04.4. This system did not ever have can-isotp installed.
This is the 3rd sytem I've installed can-isotp on.
This time, I ran into a road block because it is a newer UEFI system with Secure Boot. Apparently without secure boot, if you have a keypair stored in /lib/modules/$(uname -r)/build/certs/
, sudo make modules_install
works and then as mentioned at the beginning of this thread, if you run sudo depmod -a
, then everything is fine.
With Secure Boot, it seems as though the keypair stored in /lib/modules/$(uname -r)/build/certs/
is ignored and when you run sudo modprobe can-isotp
(after running sudo make modules_install
), you get modprobe: ERROR: could not insert 'can_isotp': Required key not available
.
On my system, I can run the command sudo kmodsign sha512 /var/lib/shim-signed/mok/MOK.priv /var/lib/shim-signed/mok/MOK.der /lib/modules/$(uname -r)/extra/net/can/can-isotp.ko
after running sudo make modules_install
. This then signs the kernel module with my Machine Owner Key (MOK). After this signing, can-isotp instantly worked without requiring sudo depmod -a
to be run (although I'm not 100% sure that a former run of sudo depmod -a
or sudo modprobe can-isotp
, that I did while mucking around before I figured out that kmodsign
was needed to get the module properly signed, did the trick).
I believe that this MOK on my system was generated when installing the dkms
package while trying to get VirtualBox kernel drivers to work, because part of that process required me to generate a password and then reboot to install a MOK into the system and supply that generated password.
As a side note, how is signing of kernel modules even secure if the private key stored in /var/lib/shim-signed/mok/MOK.priv
is a world readable file?
from can-isotp.
Hello Andy,
thanks for the documentation! I looks like the dkms
install really brings the keys to be able to sign the own modules. Good to know!!
I was too cowardly to fiddle with an additional key and bringing it into UEFI on my dual-boot setup with W10 so I disabled secure boot on my machine with mokutil --disable-validation
:
https://wiki.ubuntu.com/UEFI/SecureBoot/DKMS
It's a pretty interesting process to give a password on your running Linux which is required to confirm the transition in the next boot process.
Regarding your side note: Once you are able to correctly boot into the cryptographic secured system and also have credentials to be root you are probably allowed to do signings. But I also wonder why the MOK.priv
file is world readable then. Being root-only readable should be better. Maybe a bug in Ubuntu worth to be filed in their bugtracker?!?
from can-isotp.
Did you actually test installing dkms
and it worked for you or are you taking my word for it? I don't know for 100% sure because I haven't done another fresh Ubuntu installation on a new computer with secure boot yet.
Here are a few write ups that describe the process that I think happened for me when installing dkms
regarding the password used on reboot
- https://wiki.debian.org/SecureBoot#Enroling_a_new_key
- https://wiki.ubuntu.com/UEFI/SecureBoot#How_can_I_do_non-automated_signing_of_drivers.3F
Where is the relevant Ubuntu bug tracker that I might submit a query about the permissions of the private key?
from can-isotp.
Did you actually test installing
dkms
... ?
No. In fact I have only one Laptop which supports secure boot and I have to preserve the setup there.
Here are a few write ups that describe the process that I think happened for me when installing
dkms
regarding the password used on reboot* https://wiki.debian.org/SecureBoot#Enroling_a_new_key * https://wiki.ubuntu.com/UEFI/SecureBoot#How_can_I_do_non-automated_signing_of_drivers.3F
Thanks!
Where is the relevant Ubuntu bug tracker that I might submit a query about the permissions of the private key?
IDK. Would need to google too ;-)
from can-isotp.
You can obviously file Ubuntu problems of this type in Ubuntu Launchpad https://launchpad.net/ubuntu :
Like this one: https://bugs.launchpad.net/ubuntu/+source/curtin/+bug/1878115
:-D
from can-isotp.
Hello,
Just ran into the same installation issue with newest Ubuntu on UEFI + Secure Boot, Thanks to your conversation I could solve the issue easily.
I was wondering if it would be worth it to add a note in the Readme to directly link to Andy's comment above? I will push something if you agree.
from can-isotp.
Pull requests are appreciated ;-)
Thanks!
from can-isotp.
Thanks for the feedback - although I thought the issue was about secure boot problems, which we do not have on RasPi, right?
from can-isotp.
hello ,
did anyone solve the problem of secure boot ? i am facing the same problem *
thanks :D
from can-isotp.
UPDATE:
I was doing some digging and there is an entry can_isotp
in /sys/module
(no idea what it means) and a can-isotp.ko
file in /usr/lib/modules/5.4.0-1047-raspi/extra/net/can
(which must be the missing kernel module?).
But all the files have todays date so I guess they are from the repo build and not the Raspberry Pi Ubuntu distribution.
ORIGINAL:
The final solution is to install a Linux 5.10+ kernel on your box which has can-isotp on board ;-)
Is this sufficient? I ended up at this repo to do a manual install and I am running the latest
Welcome to Ubuntu 20.04.3 LTS (GNU/Linux 5.4.0-1047-raspi aarch64)
The make step looks OK but the next step shows some errors.
% sudo make modules_install
make -C /lib/modules/5.4.0-1047-raspi/build M=/home/sillygoose/can-isotp modules_install
make[1]: Entering directory '/usr/src/linux-headers-5.4.0-1047-raspi'
INSTALL /home/sillygoose/can-isotp/net/can/can-isotp.ko
At main.c:160:
- SSL error:02001002:system library:fopen:No such file or directory: ../crypto/bio/bss_file.c:69
- SSL error:2006D080:BIO routines:BIO_new_file:no such file: ../crypto/bio/bss_file.c:76
sign-file: certs/signing_key.pem: No such file or directory
DEPMOD 5.4.0-1047-raspi
Warning: modules_install: missing 'System.map' file. Skipping depmod.
make[1]: Leaving directory '/usr/src/linux-headers-5.4.0-1047-raspi'
Perhaps it is all signing related but if I finish up manually:
% sudo modprobe can
% sudo insmod ./net/can/can-isotp.ko
I find that I am up and running, except I have to load the module on reboot (until I learn how to make it persist).
Thanks for letting me explore UDS over the CAN bus.
from can-isotp.
Thanks for the update!! This kind of feedback is definitely very valuable for other people having such problems (including me) ;-)
Have fun!
from can-isotp.
from can-isotp.
Related Issues (20)
- Catching missing Flow Control Frame during data transmission HOT 1
- blocking read() function using ISO-TP driver ! HOT 7
- Not able to build for raspberry pi HOT 1
- difference between python-can-isotp and can-isotp and stmin discrepancy HOT 2
- use read() function and add notify function. HOT 18
- ERRNO 84 on recv() HOT 2
- FlowControl: isotp vs. "real" OBD2 adapter behavior HOT 4
- how to send > 4095 isotp message HOT 3
- wait_tx_done does not seem to be working [RPi + python-can-isotp] HOT 31
- MAX_MSG_LENGTH to 66000 commit is missing from this repo HOT 1
- When trying to read 8K messages on ISO-TP socket using Classic CAN receive back -1 with errno 110 ETIMEDOUT HOT 5
- FlowControl frame address tx_id vs. rx_id - 8? HOT 2
- Unrecoverable error when using python socket with CAN_ISOTP. HOT 8
- Sending rate cannot be faster than 300us HOT 12
- unstable transmission of data: sequence number of consecutive frames get messed up HOT 3
- MSG_CMSG_COMPAT set by the kernel for `recvmsg` HOT 7
- Compiling of branch mainline-5.4+ HOT 2
- IP over CAN ISO-TP multi-host HOT 2
- Address extension in one direction but not the other HOT 2
- ISOTP module does not ignore the priority bits (high 3 bits of extended ID) HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from can-isotp.