kernel-packages team mailing list archive

Thread
Date

[Bug 1241251] [NEW] Some kernel modules are failing digital signature checks during boot - kernel is tainted.

To: kernel-packages@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1241251@xxxxxxxxxxxxxxxxxx>
Date: Fri, 18 Oct 2013 01:19:37 -0000
Reply-to: Bug 1241251 <1241251@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

*** This bug is a security vulnerability ***

You have been subscribed to a public security bug:

Initial configuration:
Xubuntu 13.10 64-bit, iso SHA256 is:
1862b69cffcfc41587109a971a8fe72b2dc26dbd762cdb4704965d668514fa95 *xubuntu-13.10-desktop-amd64.iso

To reproduce:
1) Verify that SHA256 of iso image is correct. I also checked GPG signature to make sure these are proper SHA256 hashes.
2) Put ISO to USB flash stick. I used dd to put iso to 2Gb flash drive.
3) Boot from USB flash and verify CD image using boot option to be extra sure ISO is not damaged.
4) Make sure ISO checks are OK.
5) Now boot USB flash to live OS session ("Try ... without installing").
6) Launch terminal.
7) dmesg | grep -i taint
8) Make sure kernel is getting tainted due to problems with some modules signatures.

Result:
* On my desktop PC I'm getting kernel taint due to missing signature or key in module "mii" (used by RTL8169 driver).
* On my notebook I'm getting kernel taint due to missing signature or key for "video" module (used by Intel GPU driver?)

What's going up? Are your ISO images are okay? Or they were tampered
with and some kernel modules are fakes? Please check ASAP.

** Affects: linux (Ubuntu)
Importance: Undecided
Status: New

** Tags: bot-comment digital fail kernel module signatire verification
--
Some kernel modules are failing digital signature checks during boot - kernel is tainted.
https://bugs.launchpad.net/bugs/1241251
You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu.