kernel-packages team mailing list archive
-
kernel-packages team
-
Mailing list archive
-
Message #31129
[Bug 1253155] Re: Failure to validate module signature at boot time
I get the "module verification failed" messages for libahci.ko. If the
module is signed, running:
hexdump -C /path/to/module | tail -n 5
should show the string "~Module signature appended~" at the end. I see
that with i915.ko for example, but with video.ko and libahci.ko I do
not. After a little poking around I'm fairly well convinced that the
ones lacking signatures are all in the generic inclusion list. These
modules must be getting stripped in such a way that the signatures are
getting removed, or something like that.
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1253155
Title:
Failure to validate module signature at boot time
Status in “linux” package in Ubuntu:
Confirmed
Bug description:
When booting under secureboot and using a signed kernel, it's expected
that all modules shipped alongside the kernel should validate and load
successfully without tainting the kernel.
Unfortunately it doesn't seem to always be the case. Looking through
my kernel logs, I see:
Nov 15 10:35:24 castiana kernel: [ 1.635132] video: module
verification failed: signature and/or required key missing - tainting
kernel
or
Nov 12 12:58:48 castiana kernel: [213981.753326] Request for unknown
module key 'Magrathea: Glacier signing key:
f440a253eb498df923d438caa09b3b5d99308405' err -11
ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: linux-image-3.12.0-2-generic 3.12.0-2.7
ProcVersionSignature: Ubuntu 3.12.0-2.7-generic 3.12.0
Uname: Linux 3.12.0-2-generic x86_64
ApportVersion: 2.12.7-0ubuntu1
Architecture: amd64
AudioDevicesInUse:
USER PID ACCESS COMMAND
/dev/snd/controlC1: stgraber 2721 F.... pulseaudio
/dev/snd/controlC0: stgraber 2721 F.... pulseaudio
/dev/snd/pcmC0D0c: stgraber 2721 F...m pulseaudio
/dev/snd/pcmC0D0p: stgraber 2721 F...m pulseaudio
CurrentDesktop: Unity
Date: Wed Nov 20 11:59:57 2013
InstallationDate: Installed on 2013-04-21 (213 days ago)
InstallationMedia: Ubuntu 13.04 "Raring Ringtail" - Release amd64 (20130420)
MachineType: LENOVO 2306CT0
ProcFB: 0 inteldrmfb
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-3.12.0-2-generic.efi.signed root=UUID=14de4e20-b139-488e-863f-ec710f776851 ro quiet splash "acpi_osi=!Windows 2012" vt.handoff=7
RelatedPackageVersions:
linux-restricted-modules-3.12.0-2-generic N/A
linux-backports-modules-3.12.0-2-generic N/A
linux-firmware 1.117
SourcePackage: linux
StagingDrivers: zram
UpgradeStatus: No upgrade log present (probably fresh install)
dmi.bios.date: 08/27/2013
dmi.bios.vendor: LENOVO
dmi.bios.version: G2ET96WW (2.56 )
dmi.board.asset.tag: Not Available
dmi.board.name: 2306CT0
dmi.board.vendor: LENOVO
dmi.board.version: NO DPK
dmi.chassis.asset.tag: No Asset Information
dmi.chassis.type: 10
dmi.chassis.vendor: LENOVO
dmi.chassis.version: Not Available
dmi.modalias: dmi:bvnLENOVO:bvrG2ET96WW(2.56):bd08/27/2013:svnLENOVO:pn2306CT0:pvrThinkPadX230:rvnLENOVO:rn2306CT0:rvrNODPK:cvnLENOVO:ct10:cvrNotAvailable:
dmi.product.name: 2306CT0
dmi.product.version: ThinkPad X230
dmi.sys.vendor: LENOVO
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1253155/+subscriptions
References