kernel-packages team mailing list archive
Message #52119
[Bug 1253155] Re: Failure to validate module signature at boot time
This bug was fixed in the package linux-lts-raring - 3.8.0-38.56~precise1
---------------
linux-lts-raring (3.8.0-38.56~precise1) precise; urgency=low
[ Andy Whitcroft ]
* module signature does not use hash type in older releases
linux-lts-raring (3.8.0-38.55~precise1) precise; urgency=low
[ Kamal Mostafa ]
* Release Tracking Bug
- LP: #1290512
[ Tim Gardner ]
* [Debian] Re-sign modules after debug objcopy
- LP: #1253155
linux-lts-raring (3.8.0-38.54~precise1) precise; urgency=low
[ Kamal Mostafa ]
* Release Tracking Bug
- LP: #1290512
[ Upstream Kernel Changes ]
* netfilter: nf_nat: fix access to uninitialized buffer in IRC NAT helper
- LP: #1274684
- CVE-2014-1690
* crypto: ansi_cprng - Fix off by one error in non-block size request
- LP: #1229981
- CVE-2013-4345
* xfs: underflow bug in xfs_attrlist_by_handle()
- LP: #1256091
- CVE-2013-6382
* crypto: s390 - fix concurrency issue in aes-ctr mode
- LP: #1289439
* crypto: s390 - fix des and des3_ede cbc concurrency issue
- LP: #1289439
* crypto: s390 - fix des and des3_ede ctr concurrency issue
- LP: #1289439
* [media] mxl111sf: Fix unintentional garbage stack read
- LP: #1289439
* [media] mxl111sf: Fix compile when CONFIG_DVB_USB_MXL111SF is unset
- LP: #1289439
* [media] af9035: add ID [2040:f900] Hauppauge WinTV-MiniStick 2
- LP: #1289439
* arm64: vdso: prevent ld from aligning PT_LOAD segments to 64k
- LP: #1289439
* arm64: add DSB after icache flush in __flush_icache_all()
- LP: #1289439
* arm64: Invalidate the TLB when replacing pmd entries during boot
- LP: #1289439
* arm64: vdso: fix coarse clock handling
- LP: #1289439
* arm64: vdso: update wtm fields for CLOCK_MONOTONIC_COARSE
- LP: #1289439
* drm/mgag200,ast,cirrus: fix regression with drm_can_sleep conversion
- LP: #1289439
* x86, hweight: Fix BUG when booting with CONFIG_GCOV_PROFILE_ALL=y
- LP: #1289439
* mm/swap: fix race on swap_info reuse between swapoff and swapon
- LP: #1289439
* mm: __set_page_dirty_nobuffers() uses spin_lock_irqsave() instead of spin_lock_irq()
- LP: #1289439
* mm: __set_page_dirty uses spin_lock_irqsave instead of spin_lock_irq
- LP: #1289439
* staging:iio:ad799x fix error_free_irq which was freeing an irq that may not have been requested
- LP: #1289439
* KVM: return an error code in kvm_vm_ioctl_register_coalesced_mmio()
- LP: #1289439
* block: __elv_next_request() shouldn't call into the elevator if bypassing
- LP: #1289439
* power: max17040: Fix NULL pointer dereference when there is no platform_data
- LP: #1289439
* s390/dump: Fix dump memory detection
- LP: #1289439
* ath9k_htc: make ->sta_rc_update atomic for most calls
- LP: #1289439
* ath9k_htc: Do not support PowerSave by default
- LP: #1289439
* ar5523: fix usb id for Gigaset.
- LP: #1289439
* ath9k: Do not support PowerSave by default
- LP: #1289439
* spi: nuc900: Set SPI_LSB_FIRST for master->mode_bits if hw->pdata->lsb is true
- LP: #1289439
* usb: ftdi_sio: add Mindstorms EV3 console adapter
- LP: #1289439
* usb-storage: restrict bcdDevice range for Super Top in Cypress ATACB
- LP: #1289439
* usb-storage: add unusual-devs entry for BlackBerry 9000
- LP: #1289439
* usb-storage: enable multi-LUN scanning when needed
- LP: #1289439
* of: Fix address decoding on Bimini and js2x machines
- LP: #1289439
* of: fix PCI bus match for PCIe slots
- LP: #1289439
* usb: qcserial: add Netgear Aircard 340U
- LP: #1289439
* USB: ftdi_sio: add Tagsys RFID Reader IDs
- LP: #1289439
* mac80211: move roc cookie assignment earlier
- LP: #1289439
* mac80211: release the channel in error path in start_ap
- LP: #1289439
* mac80211: Fix IBSS disconnect
- LP: #1289439
* mac80211: fix fragmentation code, particularly for encryption
- LP: #1289439
* time: Fix overflow when HZ is smaller than 60
- LP: #1289439
* ALSA: hda - Fix mic capture on Sony VAIO Pro 11
- LP: #1289439
* VME: Correct read/write alignment algorithm
- LP: #1289439
* Drivers: hv: vmbus: Don't timeout during the initial connection with host
- LP: #1289439
* raw: test against runtime value of max_raw_minors
- LP: #1289439
* tty: n_gsm: Fix for modems with brk in modem status control
- LP: #1289439
* staging: comedi: adv_pci1710: fix analog output readback value
- LP: #1289439
* xen-blkfront: handle backend CLOSED without CLOSING
- LP: #1289439
* Modpost: fixed USB alias generation for ranges including 0x9 and 0xA
- LP: #1289439
* fs/file.c:fdtable: avoid triggering OOMs from alloc_fdmem
- LP: #1289439
* genirq: Add missing irq_to_desc export for CONFIG_SPARSE_IRQ=n
- LP: #1289439
* xen: install xen/gntdev.h and xen/gntalloc.h
- LP: #1289439
* ring-buffer: Fix first commit on sub-buffer having non-zero delta
- LP: #1289439
* usb: option: blacklist ZTE MF667 net interface
- LP: #1289439
* ftrace/x86: Use breakpoints for converting function graph caller
- LP: #1289439
* block: add cond_resched() to potentially long running ioctl discard loop
- LP: #1289439
* md/raid5: Fix CPU hotplug callback registration
- LP: #1289439
* compiler/gcc4: Make quirk for asm_volatile_goto() unconditional
- LP: #1289439
* x86, smap: Don't enable SMAP if CONFIG_X86_SMAP is disabled
- LP: #1289439
* x86, smap: smap_violation() is bogus if CONFIG_X86_SMAP is off
- LP: #1289439
* lockd: send correct lock when granting a delayed lock.
- LP: #1289439
* IB/qib: Add missing serdes init sequence
- LP: #1289439
* EDAC: Poll timeout cannot be zero, p2
- LP: #1289439
* EDAC: Correct workqueue setup path
- LP: #1289439
* kvm: x86: fix apic_base enable check
- LP: #1289439
* Linux 3.8.13.19
- LP: #1289439
-- Brad Figg <brad.figg@xxxxxxxxxxxxx> Thu, 13 Mar 2014 08:42:48 -0700
** Changed in: linux-lts-raring (Ubuntu Precise)
Status: Fix Committed => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2013-4345
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2013-6382
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2014-1690
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1253155
Title:
Failure to validate module signature at boot time
Status in “linux” package in Ubuntu:
Fix Released
Status in “linux-lts-raring” package in Ubuntu:
Invalid
Status in “linux” source package in Precise:
Invalid
Status in “linux-lts-raring” source package in Precise:
Fix Released
Status in “linux” source package in Quantal:
Invalid
Status in “linux-lts-raring” source package in Quantal:
Invalid
Status in “linux” source package in Saucy:
Fix Released
Status in “linux-lts-raring” source package in Saucy:
Invalid
Status in “linux” source package in Trusty:
Fix Released
Status in “linux-lts-raring” source package in Trusty:
Invalid
Bug description:
When booting under secureboot and using a signed kernel, it's expected
that all modules shipped alongside the kernel should validate and load
successfully without tainting the kernel.
Unfortunately it doesn't seem to always be the case. Looking through
my kernel logs, I see:
Nov 15 10:35:24 castiana kernel: [ 1.635132] video: module verification failed: signature and/or required key missing - tainting kernel
or
Nov 12 12:58:48 castiana kernel: [213981.753326] Request for unknown module key 'Magrathea: Glacier signing key: f440a253eb498df923d438caa09b3b5d99308405' err -11
ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: linux-image-3.12.0-2-generic 3.12.0-2.7
ProcVersionSignature: Ubuntu 3.12.0-2.7-generic 3.12.0
Uname: Linux 3.12.0-2-generic x86_64
ApportVersion: 2.12.7-0ubuntu1
Architecture: amd64
AudioDevicesInUse:
USER PID ACCESS COMMAND
/dev/snd/controlC1: stgraber 2721 F.... pulseaudio
/dev/snd/controlC0: stgraber 2721 F.... pulseaudio
/dev/snd/pcmC0D0c: stgraber 2721 F...m pulseaudio
/dev/snd/pcmC0D0p: stgraber 2721 F...m pulseaudio
CurrentDesktop: Unity
Date: Wed Nov 20 11:59:57 2013
InstallationDate: Installed on 2013-04-21 (213 days ago)
InstallationMedia: Ubuntu 13.04 "Raring Ringtail" - Release amd64 (20130420)
MachineType: LENOVO 2306CT0
ProcFB: 0 inteldrmfb
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-3.12.0-2-generic.efi.signed root=UUID=14de4e20-b139-488e-863f-ec710f776851 ro quiet splash "acpi_osi=!Windows 2012" vt.handoff=7
RelatedPackageVersions:
linux-restricted-modules-3.12.0-2-generic N/A
linux-backports-modules-3.12.0-2-generic N/A
linux-firmware 1.117
SourcePackage: linux
StagingDrivers: zram
UpgradeStatus: No upgrade log present (probably fresh install)
dmi.bios.date: 08/27/2013
dmi.bios.vendor: LENOVO
dmi.bios.version: G2ET96WW (2.56 )
dmi.board.asset.tag: Not Available
dmi.board.name: 2306CT0
dmi.board.vendor: LENOVO
dmi.board.version: NO DPK
dmi.chassis.asset.tag: No Asset Information
dmi.chassis.type: 10
dmi.chassis.vendor: LENOVO
dmi.chassis.version: Not Available
dmi.modalias: dmi:bvnLENOVO:bvrG2ET96WW(2.56):bd08/27/2013:svnLENOVO:pn2306CT0:pvrThinkPadX230:rvnLENOVO:rn2306CT0:rvrNODPK:cvnLENOVO:ct10:cvrNotAvailable:
dmi.product.name: 2306CT0
dmi.product.version: ThinkPad X230
dmi.sys.vendor: LENOVO
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1253155/+subscriptions