← Back to team overview

kernel-packages team mailing list archive

[Bug 1241251] Re: Some kernel modules are failing digital signature checks during boot - kernel is tainted.

 

** Changed in: linux (Ubuntu)
   Importance: Medium => High

** Tags added: kernel-key

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1241251

Title:
  Some kernel modules are failing digital signature checks during boot -
  kernel is tainted.

Status in “linux” package in Ubuntu:
  Confirmed

Bug description:
  Initial configuration:
   Xubuntu 13.10 64-bit, iso SHA256 is:
  1862b69cffcfc41587109a971a8fe72b2dc26dbd762cdb4704965d668514fa95 *xubuntu-13.10-desktop-amd64.iso

  To reproduce:
  1) Verify that SHA256 of iso image is correct. I also checked GPG signature to make sure these are proper SHA256 hashes.
  2) Put ISO to USB flash stick. I used dd to put iso to 2Gb flash drive.
  3) Boot from USB flash and verify CD image using boot option to be extra sure ISO is not damaged.
  4) Make sure ISO checks are OK. 
  5) Now boot USB flash to live OS session ("Try ... without installing").
  6) Launch terminal.
  7) dmesg | grep -i taint
  8) Make sure kernel is getting tainted due to problems with some modules signatures. 

  Result:
  * On my desktop PC I'm getting kernel taint due to missing signature or key in module "mii" (used by RTL8169 driver).
  * On my notebook I'm getting kernel taint due to missing signature or key for "video" module (used by Intel GPU driver?)

  What's going up? Are your ISO images are okay? Or they were tampered
  with and some kernel modules are fakes? Please check ASAP.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1241251/+subscriptions