← Back to team overview

kernel-packages team mailing list archive

  1. kernel-packages team
  2. Mailing list archive
  3. Message #30271

[Bug 1253155] [NEW] Failure to validate module signature at boot time

  Thread PreviousDate PreviousThread Next 
Public bug reported:

When booting under secureboot and using a signed kernel, it's expected
that all modules shipped alongside the kernel should validate and load
successfully without tainting the kernel.

Unfortunately it doesn't seem to always be the case. Looking through my
kernel logs, I see:

Nov 15 10:35:24 castiana kernel: [    1.635132] video: module
verification failed: signature and/or required key missing - tainting
kernel

or

Nov 12 12:58:48 castiana kernel: [213981.753326] Request for unknown
module key 'Magrathea: Glacier signing key:
f440a253eb498df923d438caa09b3b5d99308405' err -11

ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: linux-image-3.12.0-2-generic 3.12.0-2.7
ProcVersionSignature: Ubuntu 3.12.0-2.7-generic 3.12.0
Uname: Linux 3.12.0-2-generic x86_64
ApportVersion: 2.12.7-0ubuntu1
Architecture: amd64
AudioDevicesInUse:
 USER        PID ACCESS COMMAND
 /dev/snd/controlC1:  stgraber   2721 F.... pulseaudio
 /dev/snd/controlC0:  stgraber   2721 F.... pulseaudio
 /dev/snd/pcmC0D0c:   stgraber   2721 F...m pulseaudio
 /dev/snd/pcmC0D0p:   stgraber   2721 F...m pulseaudio
CurrentDesktop: Unity
Date: Wed Nov 20 11:59:57 2013
InstallationDate: Installed on 2013-04-21 (213 days ago)
InstallationMedia: Ubuntu 13.04 "Raring Ringtail" - Release amd64 (20130420)
MachineType: LENOVO 2306CT0
ProcFB: 0 inteldrmfb
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-3.12.0-2-generic.efi.signed root=UUID=14de4e20-b139-488e-863f-ec710f776851 ro quiet splash "acpi_osi=!Windows 2012" vt.handoff=7
RelatedPackageVersions:
 linux-restricted-modules-3.12.0-2-generic N/A
 linux-backports-modules-3.12.0-2-generic  N/A
 linux-firmware                            1.117
SourcePackage: linux
StagingDrivers: zram
UpgradeStatus: No upgrade log present (probably fresh install)
dmi.bios.date: 08/27/2013
dmi.bios.vendor: LENOVO
dmi.bios.version: G2ET96WW (2.56 )
dmi.board.asset.tag: Not Available
dmi.board.name: 2306CT0
dmi.board.vendor: LENOVO
dmi.board.version: NO DPK
dmi.chassis.asset.tag: No Asset Information
dmi.chassis.type: 10
dmi.chassis.vendor: LENOVO
dmi.chassis.version: Not Available
dmi.modalias: dmi:bvnLENOVO:bvrG2ET96WW(2.56):bd08/27/2013:svnLENOVO:pn2306CT0:pvrThinkPadX230:rvnLENOVO:rn2306CT0:rvrNODPK:cvnLENOVO:ct10:cvrNotAvailable:
dmi.product.name: 2306CT0
dmi.product.version: ThinkPad X230
dmi.sys.vendor: LENOVO

** Affects: linux (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: amd64 apport-bug staging trusty

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1253155

Title:
  Failure to validate module signature at boot time

Status in “linux” package in Ubuntu:
  New

Bug description:
  When booting under secureboot and using a signed kernel, it's expected
  that all modules shipped alongside the kernel should validate and load
  successfully without tainting the kernel.

  Unfortunately it doesn't seem to always be the case. Looking through
  my kernel logs, I see:

  Nov 15 10:35:24 castiana kernel: [    1.635132] video: module
  verification failed: signature and/or required key missing - tainting
  kernel

  or

  Nov 12 12:58:48 castiana kernel: [213981.753326] Request for unknown
  module key 'Magrathea: Glacier signing key:
  f440a253eb498df923d438caa09b3b5d99308405' err -11

  ProblemType: Bug
  DistroRelease: Ubuntu 14.04
  Package: linux-image-3.12.0-2-generic 3.12.0-2.7
  ProcVersionSignature: Ubuntu 3.12.0-2.7-generic 3.12.0
  Uname: Linux 3.12.0-2-generic x86_64
  ApportVersion: 2.12.7-0ubuntu1
  Architecture: amd64
  AudioDevicesInUse:
   USER        PID ACCESS COMMAND
   /dev/snd/controlC1:  stgraber   2721 F.... pulseaudio
   /dev/snd/controlC0:  stgraber   2721 F.... pulseaudio
   /dev/snd/pcmC0D0c:   stgraber   2721 F...m pulseaudio
   /dev/snd/pcmC0D0p:   stgraber   2721 F...m pulseaudio
  CurrentDesktop: Unity
  Date: Wed Nov 20 11:59:57 2013
  InstallationDate: Installed on 2013-04-21 (213 days ago)
  InstallationMedia: Ubuntu 13.04 "Raring Ringtail" - Release amd64 (20130420)
  MachineType: LENOVO 2306CT0
  ProcFB: 0 inteldrmfb
  ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-3.12.0-2-generic.efi.signed root=UUID=14de4e20-b139-488e-863f-ec710f776851 ro quiet splash "acpi_osi=!Windows 2012" vt.handoff=7
  RelatedPackageVersions:
   linux-restricted-modules-3.12.0-2-generic N/A
   linux-backports-modules-3.12.0-2-generic  N/A
   linux-firmware                            1.117
  SourcePackage: linux
  StagingDrivers: zram
  UpgradeStatus: No upgrade log present (probably fresh install)
  dmi.bios.date: 08/27/2013
  dmi.bios.vendor: LENOVO
  dmi.bios.version: G2ET96WW (2.56 )
  dmi.board.asset.tag: Not Available
  dmi.board.name: 2306CT0
  dmi.board.vendor: LENOVO
  dmi.board.version: NO DPK
  dmi.chassis.asset.tag: No Asset Information
  dmi.chassis.type: 10
  dmi.chassis.vendor: LENOVO
  dmi.chassis.version: Not Available
  dmi.modalias: dmi:bvnLENOVO:bvrG2ET96WW(2.56):bd08/27/2013:svnLENOVO:pn2306CT0:pvrThinkPadX230:rvnLENOVO:rn2306CT0:rvrNODPK:cvnLENOVO:ct10:cvrNotAvailable:
  dmi.product.name: 2306CT0
  dmi.product.version: ThinkPad X230
  dmi.sys.vendor: LENOVO

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1253155/+subscriptions

Follow ups

References

  Thread PreviousDate PreviousThread Next