kernel-packages team mailing list archive
-
kernel-packages team
-
Mailing list archive
-
Message #103374
[Bug 1253155] Re: Failure to validate module signature at boot time
FWIW:
I also installed the lowlatency version of kernel 3.19, and that dmesg
doesn't show the lines "Request for unknown module key 'Magrathea:
Glacier signing key:"
sander@superstreamer:~$ uname -a
Linux superstreamer 3.19.0-031900-lowlatency #201502091451 SMP PREEMPT Mon Feb 9 14:58:45 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
sander@superstreamer:~$ dmesg | grep -i glacier
[ 6.957630] Loaded X.509 cert 'Magrathea: Glacier signing key: 4b8b0790309384d5db8e13c15cd6ff49eeeeef07'
To be complete: before 3.19 I was running 3.19-rc7, and that dmesg neither showed the lines "Request for unknown module key 'Magrathea: Glacier signing key:"
So it's something specific to 3.19 generic (amd64)?
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-lts-raring in Ubuntu.
https://bugs.launchpad.net/bugs/1253155
Title:
Failure to validate module signature at boot time
Status in linux package in Ubuntu:
Fix Released
Status in linux-lts-raring package in Ubuntu:
Invalid
Status in linux source package in Precise:
Invalid
Status in linux-lts-raring source package in Precise:
Fix Released
Status in linux source package in Quantal:
Invalid
Status in linux-lts-raring source package in Quantal:
Invalid
Status in linux source package in Saucy:
Fix Released
Status in linux-lts-raring source package in Saucy:
Invalid
Status in linux source package in Trusty:
Fix Released
Status in linux-lts-raring source package in Trusty:
Invalid
Bug description:
When booting under secureboot and using a signed kernel, it's expected
that all modules shipped alongside the kernel should validate and load
successfully without tainting the kernel.
Unfortunately it doesn't seem to always be the case. Looking through
my kernel logs, I see:
Nov 15 10:35:24 castiana kernel: [ 1.635132] video: module
verification failed: signature and/or required key missing - tainting
kernel
or
Nov 12 12:58:48 castiana kernel: [213981.753326] Request for unknown
module key 'Magrathea: Glacier signing key:
f440a253eb498df923d438caa09b3b5d99308405' err -11
ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: linux-image-3.12.0-2-generic 3.12.0-2.7
ProcVersionSignature: Ubuntu 3.12.0-2.7-generic 3.12.0
Uname: Linux 3.12.0-2-generic x86_64
ApportVersion: 2.12.7-0ubuntu1
Architecture: amd64
AudioDevicesInUse:
USER PID ACCESS COMMAND
/dev/snd/controlC1: stgraber 2721 F.... pulseaudio
/dev/snd/controlC0: stgraber 2721 F.... pulseaudio
/dev/snd/pcmC0D0c: stgraber 2721 F...m pulseaudio
/dev/snd/pcmC0D0p: stgraber 2721 F...m pulseaudio
CurrentDesktop: Unity
Date: Wed Nov 20 11:59:57 2013
InstallationDate: Installed on 2013-04-21 (213 days ago)
InstallationMedia: Ubuntu 13.04 "Raring Ringtail" - Release amd64 (20130420)
MachineType: LENOVO 2306CT0
ProcFB: 0 inteldrmfb
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-3.12.0-2-generic.efi.signed root=UUID=14de4e20-b139-488e-863f-ec710f776851 ro quiet splash "acpi_osi=!Windows 2012" vt.handoff=7
RelatedPackageVersions:
linux-restricted-modules-3.12.0-2-generic N/A
linux-backports-modules-3.12.0-2-generic N/A
linux-firmware 1.117
SourcePackage: linux
StagingDrivers: zram
UpgradeStatus: No upgrade log present (probably fresh install)
dmi.bios.date: 08/27/2013
dmi.bios.vendor: LENOVO
dmi.bios.version: G2ET96WW (2.56 )
dmi.board.asset.tag: Not Available
dmi.board.name: 2306CT0
dmi.board.vendor: LENOVO
dmi.board.version: NO DPK
dmi.chassis.asset.tag: No Asset Information
dmi.chassis.type: 10
dmi.chassis.vendor: LENOVO
dmi.chassis.version: Not Available
dmi.modalias: dmi:bvnLENOVO:bvrG2ET96WW(2.56):bd08/27/2013:svnLENOVO:pn2306CT0:pvrThinkPadX230:rvnLENOVO:rn2306CT0:rvrNODPK:cvnLENOVO:ct10:cvrNotAvailable:
dmi.product.name: 2306CT0
dmi.product.version: ThinkPad X230
dmi.sys.vendor: LENOVO
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1253155/+subscriptions
References
