← Back to team overview

kernel-packages team mailing list archive

[Bug 1241251] Re: Some kernel modules are failing digital signature checks during boot - kernel is tainted.

 

I am also facing the same problem, dmesg from last boot is just like
Pavel's:

[    0.626201] Write protecting the kernel read-only data: 12288k
[    0.627546] Freeing unused kernel memory: 1040K (ffff88000e6fc000 - ffff88000e800000)
[    0.628512] Freeing unused kernel memory: 836K (ffff88000eb2f000 - ffff88000ec00000)
[    0.634382] systemd-udevd[114]: starting version 204
[    0.643713] mii: module verification failed: signature and/or required key missing - tainting kernel
[    0.644296] ahci 0000:00:1f.2: version 3.0
[    0.644381] ahci 0000:00:1f.2: irq 42 for MSI/MSI-X
[    0.644778] r8169 Gigabit Ethernet driver 2.3LK-NAPI loaded
[    0.644783] r8169 0000:03:00.0: can't disable ASPM; OS doesn't have ASPM control
[    0.644981] r8169 0000:03:00.0: irq 43 for MSI/MSI-X

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1241251

Title:
  Some kernel modules are failing digital signature checks during boot -
  kernel is tainted.

Status in “linux” package in Ubuntu:
  Confirmed

Bug description:
  Initial configuration:
   Xubuntu 13.10 64-bit, iso SHA256 is:
  1862b69cffcfc41587109a971a8fe72b2dc26dbd762cdb4704965d668514fa95 *xubuntu-13.10-desktop-amd64.iso

  To reproduce:
  1) Verify that SHA256 of iso image is correct. I also checked GPG signature to make sure these are proper SHA256 hashes.
  2) Put ISO to USB flash stick. I used dd to put iso to 2Gb flash drive.
  3) Boot from USB flash and verify CD image using boot option to be extra sure ISO is not damaged.
  4) Make sure ISO checks are OK. 
  5) Now boot USB flash to live OS session ("Try ... without installing").
  6) Launch terminal.
  7) dmesg | grep -i taint
  8) Make sure kernel is getting tainted due to problems with some modules signatures. 

  Result:
  * On my desktop PC I'm getting kernel taint due to missing signature or key in module "mii" (used by RTL8169 driver).
  * On my notebook I'm getting kernel taint due to missing signature or key for "video" module (used by Intel GPU driver?)

  What's going up? Are your ISO images are okay? Or they were tampered
  with and some kernel modules are fakes? Please check ASAP.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1241251/+subscriptions