Failure to validate module signature at boot time
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
linux (Ubuntu) |
Fix Released
|
High
|
Tim Gardner | ||
Precise |
Invalid
|
Undecided
|
Andy Whitcroft | ||
Quantal |
Invalid
|
Undecided
|
Andy Whitcroft | ||
Saucy |
Fix Released
|
Medium
|
Tim Gardner | ||
Trusty |
Fix Released
|
High
|
Tim Gardner | ||
linux-lts-raring (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
Precise |
Fix Released
|
Medium
|
Andy Whitcroft | ||
Quantal |
Invalid
|
Undecided
|
Unassigned | ||
Saucy |
Invalid
|
Undecided
|
Unassigned | ||
Trusty |
Invalid
|
Undecided
|
Unassigned |
Bug Description
When booting under secureboot and using a signed kernel, it's expected that all modules shipped alongside the kernel should validate and load successfully without tainting the kernel.
Unfortunately it doesn't seem to always be the case. Looking through my kernel logs, I see:
Nov 15 10:35:24 castiana kernel: [ 1.635132] video: module verification failed: signature and/or required key missing - tainting kernel
or
Nov 12 12:58:48 castiana kernel: [213981.753326] Request for unknown module key 'Magrathea: Glacier signing key: f440a253eb498df
ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: linux-image-
ProcVersionSign
Uname: Linux 3.12.0-2-generic x86_64
ApportVersion: 2.12.7-0ubuntu1
Architecture: amd64
AudioDevicesInUse:
USER PID ACCESS COMMAND
/dev/snd/
/dev/snd/
/dev/snd/pcmC0D0c: stgraber 2721 F...m pulseaudio
/dev/snd/pcmC0D0p: stgraber 2721 F...m pulseaudio
CurrentDesktop: Unity
Date: Wed Nov 20 11:59:57 2013
InstallationDate: Installed on 2013-04-21 (213 days ago)
InstallationMedia: Ubuntu 13.04 "Raring Ringtail" - Release amd64 (20130420)
MachineType: LENOVO 2306CT0
ProcFB: 0 inteldrmfb
ProcKernelCmdLine: BOOT_IMAGE=
RelatedPackageV
linux-
linux-
linux-firmware 1.117
SourcePackage: linux
StagingDrivers: zram
UpgradeStatus: No upgrade log present (probably fresh install)
dmi.bios.date: 08/27/2013
dmi.bios.vendor: LENOVO
dmi.bios.version: G2ET96WW (2.56 )
dmi.board.
dmi.board.name: 2306CT0
dmi.board.vendor: LENOVO
dmi.board.version: NO DPK
dmi.chassis.
dmi.chassis.type: 10
dmi.chassis.vendor: LENOVO
dmi.chassis.
dmi.modalias: dmi:bvnLENOVO:
dmi.product.name: 2306CT0
dmi.product.
dmi.sys.vendor: LENOVO
Related branches
Changed in linux (Ubuntu Saucy): | |
assignee: | nobody → Tim Gardner (timg-tpi) |
status: | New → In Progress |
Changed in linux (Ubuntu Trusty): | |
status: | Confirmed → In Progress |
Changed in linux (Ubuntu Trusty): | |
status: | In Progress → Fix Committed |
Changed in linux (Ubuntu Saucy): | |
status: | In Progress → Fix Committed |
Changed in linux (Ubuntu Saucy): | |
importance: | Undecided → Medium |
tags: |
added: verification-done-saucy removed: verification-needed-saucy |
Changed in linux (Ubuntu Saucy): | |
status: | Fix Committed → Fix Released |
Changed in linux (Ubuntu Saucy): | |
status: | Fix Released → Fix Committed |
Changed in linux-lts-raring (Ubuntu Saucy): | |
status: | New → Invalid |
Changed in linux-lts-raring (Ubuntu): | |
status: | New → Invalid |
Changed in linux-lts-raring (Ubuntu Quantal): | |
status: | New → Invalid |
Changed in linux-lts-raring (Ubuntu Precise): | |
assignee: | nobody → Andy Whitcroft (apw) |
status: | New → In Progress |
Changed in linux-lts-raring (Ubuntu Precise): | |
importance: | Undecided → Medium |
Changed in linux-lts-raring (Ubuntu Precise): | |
status: | In Progress → Fix Committed |
Attaching an older kernel log which contains the examples mentioned in the report.