Comment 0 for bug 1891519

bbhtt (bbhtt) wrote : vboxdrv.ko isn't signed on Virtualbox install when MOK is assigned already on kernel 5.8.0-16.17-generic 5.8.0, groovy proposed

Follow on from:

[1](https://bugs.launchpad.net/ubuntu/+source/virtualbox/+bug/1884652)
[3](https://bugs.launchpad.net/ubuntu/+source/virtualbox/+bug/1884652/comments/8)

# cat /sys/kernel/security/lockdown

none [integrity] confidentiality

# bootctl status

System:
     Firmware: n/a (n/a)
  Secure Boot: enabled
   Setup Mode: user
 Boot into FW: supported

# xxd /lib/modules/$(uname -r)/updates/dkms/vboxdrv.ko| tail

0008ca10: 3100 0000 3d05 0000 0800 0000 0000 0000 1...=...........
0008ca20: 1800 0000 0000 0000 0900 0000 0300 0000 ................
0008ca30: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0008ca40: 3013 0500 0000 0000 68cd 0000 0000 0000 0.......h.......
0008ca50: 0000 0000 0000 0000 0100 0000 0000 0000 ................
0008ca60: 0000 0000 0000 0000 1100 0000 0300 0000 ................
0008ca70: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0008ca80: 08bc 0800 0000 0000 df01 0000 0000 0000 ................
0008ca90: 0000 0000 0000 0000 0100 0000 0000 0000 ................
0008caa0: 0000 0000 0000 0000 ........

# systemctl status virtualbox

● virtualbox.service - LSB: VirtualBox Linux kernel module
     Loaded: loaded (/etc/init.d/virtualbox; generated)
     Active: failed (Result: exit-code) since Thu 2020-08-13 12:58:50 UTC; 8min ago
       Docs: man:systemd-sysv-generator(8)

Aug 13 12:58:50 kortewegdevries systemd[1]: Starting LSB: VirtualBox Linux kernel module...
Aug 13 12:58:50 kortewegdevries virtualbox[6653]: * Loading VirtualBox kernel modules...
Aug 13 12:58:50 kortewegdevries virtualbox[6653]: * modprobe vboxdrv failed. Please use 'dmesg' to fin>
Aug 13 12:58:50 kortewegdevries virtualbox[6653]: ...fail!
Aug 13 12:58:50 kortewegdevries systemd[1]: virtualbox.service: Control process exited, code=exited, st>
Aug 13 12:58:50 kortewegdevries systemd[1]: virtualbox.service: Failed with result 'exit-code'.
Aug 13 12:58:50 kortewegdevries systemd[1]: Failed to start LSB: VirtualBox Linux kernel module.
Aug 13 12:58:50 kortewegdevries virtualbox[6653]: * Loading VirtualBox kernel modules...
Aug 13 12:58:50 kortewegdevries kernel: Lockdown: modprobe: unsigned module loading is restricted; see >
Aug 13 12:58:50 kortewegdevries virtualbox[6653]: * modprobe vboxdrv failed. Please use 'dmesg' to fin>
Aug 13 12:58:50 kortewegdevries virtualbox[6653]: ...fail!
Aug 13 12:58:50 kortewegdevries systemd[1]: virtualbox.service: Control process exited, code=exited, st>
 Subject: Unit process exited
 Defined-By: systemd
  Support: http://www.ubuntu.com/support

An ExecStart= process belonging to unit virtualbox.service has exited.

The process' exit code is 'exited' and its exit status is 1.
Aug 13 12:58:50 kortewegdevries systemd[1]: virtualbox.service: Failed with result 'exit-code'.
 Subject: Unit failed
 Defined-By: systemd
 Support: http://www.ubuntu.com/support

The unit virtualbox.service has entered the 'failed' state with result 'exit-code'.
Aug 13 12:58:50 kortewegdevries systemd[1]: Failed to start LSB: VirtualBox Linux kernel module.
 Subject: A start job for unit virtualbox.service has failed
 Defined-By: systemd
 Support: http://www.ubuntu.com/support
A start job for unit virtualbox.service has finished with a failure.
The job identifier is 5769 and the job result is failed.

After rebooting with the broken virtualbox install, the following is printed:

# journalctl -b 0|egrep -i "virt|vbox"

Aug 13 13:10:48 kortewegdevries systemd[1]: vboxweb.service: Can't open PID file /run/vboxweb.pid (yet?) after start: Operation not permitted
Aug 13 13:10:48 kortewegdevries systemd[1]: vboxweb.service: Failed with result 'protocol'.
Aug 13 13:10:48 kortewegdevries audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=vboxweb comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'
Aug 13 13:10:48 kortewegdevries virtualbox[1278]: * Loading VirtualBox kernel modules...
Aug 13 13:11:12 kortewegdevries virtualbox[1278]: * modprobe vboxdrv failed. Please use 'dmesg' to find out why
Aug 13 13:11:12 kortewegdevries virtualbox[1278]: ...fail!
Aug 13 13:11:12 kortewegdevries systemd[1]: virtualbox.service: Control process exited, code=exited, status=1/FAILURE
Aug 13 13:11:12 kortewegdevries systemd[1]: virtualbox.service: Failed with result 'exit-code'.
Aug 13 13:11:12 kortewegdevries audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=virtualbox comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'

dkms version 2.8.3-4

Also see attached dmesg: lines 68-69,102 for secure boot; lines 696-709 where it loads two keys I signed manually at some point; lines 1106-1121 were probably after reinstalling virtualbox.

MOKs assigned (696-709): https://bugs.launchpad.net/ubuntu/+source/virtualbox/+bug/1884652/+attachment/5401381/+files/dmesg

Expected Outcome:

Once virtualbox-dkms is installed against a kernel, the modules are signed via an ncurses menu and future modules should also be signed silently and should work under secure boot without any intervention on kernel/system upgrades.

Actual outcome:

Modules are installed against current kernel but aren't signed on a fresh virtualbox install. Note that this was an upgrade from Focal beta to Focal to Groovy to proposed with do-release-upgrade.

Last known good state was on Focal.

ProblemType: Bug
DistroRelease: Ubuntu 20.10
ProcVersionSignature: Ubuntu 5.8.0-16.17-generic 5.8.0
Uname: Linux 5.8.0-16.17-generic x86_64
ApportVersion: 2.20.11-0ubuntu44
Architecture: amd64
CasperMD5CheckResult: skip
CurrentDesktop: XFCE
Date: Thu Aug 13 15:06:44 2020
InstallationDate: Installed on 2020-04-17 (117 days ago)
InstallationMedia: Xubuntu 20.04 LTS "Focal Fossa" - Beta amd64 (20200416)
UpgradeStatus: Upgraded to groovy on 2020-08-04 (12 days ago)
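
The `xxd ... | tail` check in the report looks at the end of vboxdrv.ko because a signed module ends with the marker `~Module signature appended~`, preceded by a 12-byte `struct module_signature`. The following is an added example, not part of the report or of the dkms/VirtualBox packaging, that parses that trailer; the sample byte strings are constructed, and a present trailer only shows that a signature was appended, not that it verifies against an enrolled MOK.

```python
import struct

# Trailer that module signing appends after the signature data.
MAGIC = b"~Module signature appended~\n"
# struct module_signature: algo, hash, id_type, signer_len, key_id_len,
# 3 pad bytes, then a big-endian 32-bit signature length (12 bytes total).
SIG_INFO = struct.Struct(">BBBBB3xI")
PKEY_ID_PKCS7 = 2


def module_signature_info(data: bytes):
    """Return None for an unsigned module, else a dict describing the trailer."""
    if not data.endswith(MAGIC):
        return None
    body = data[:-len(MAGIC)]
    if len(body) < SIG_INFO.size:
        raise ValueError("magic present but signature header is truncated")
    _algo, _hash, id_type, _signer_len, _key_id_len, sig_len = SIG_INFO.unpack(
        body[-SIG_INFO.size:])
    if sig_len > len(body) - SIG_INFO.size:
        raise ValueError("sig_len exceeds file size")
    return {
        "id_type": id_type,
        "is_pkcs7": id_type == PKEY_ID_PKCS7,
        "sig_len": sig_len,
        "payload_len": len(body) - SIG_INFO.size - sig_len,
    }


def make_signed(payload: bytes, sig: bytes) -> bytes:
    """Constructed sample: payload + placeholder signature + trailer."""
    header = SIG_INFO.pack(0, 0, PKEY_ID_PKCS7, 0, 0, len(sig))
    return payload + sig + header + MAGIC


# Constructed inputs, not real modules or real signatures.
UNSIGNED = b"\x7fELF" + b"\x00" * 64
SIGNED = make_signed(UNSIGNED, b"\x30\x82" + b"\xaa" * 30)

if __name__ == "__main__":
    import sys
    # Usage: pass one or more .ko paths on the command line.
    for path in sys.argv[1:]:
        with open(path, "rb") as f:
            print(path, module_signature_info(f.read()))
```
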