Ubuntu
linux-lts-wily package

Missing support for loading modsig certificates from UEFI

Bug #1604934 reported by Matteo Panella
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux-lts-wily (Ubuntu)
New
Undecided
Unassigned

Bug Description

4.2.0-42 was built without CONFIG_MODULE_SIG_UEFI so the kernel ignores the SecureBoot certificates and the user certificates enrolled as MOKs for module signature validation, forcing the user to either disable validation in shim through mokutil or disabling SecureBoot altogether.

The current linux-lts-xenial build has CONFIG_MODULE_SIG_UEFI=y in its config file and the related symbols (load_uefi_certs, get_cert_list...) are present in System.map. On the other hand, the current linux-lts-wily build lacks both:

# grep MODULE_SIG_UEFI /boot/config-4.2.0-42-generic
# grep load_uefi /boot/System.map-4.2.0-42-generic
# grep MODULE_SIG_UEFI config-4.4.0-31-generic
CONFIG_MODULE_SIG_UEFI=y
# grep load_uefi System.map-4.4.0-31-generic
ffffffff81d8431b t load_uefi_certs
ffffffff81e917d8 t __initcall_load_uefi_certs7

ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: linux-image-4.2.0-42-generic 4.2.0-42.49~14.04.1
ProcVersionSignature: Ubuntu 4.2.0-42.49~14.04.1-generic 4.2.8-ckt12
Uname: Linux 4.2.0-42-generic x86_64
ApportVersion: 2.14.1-0ubuntu3.21
Architecture: amd64
CurrentDesktop: XFCE
Date: Wed Jul 20 21:18:31 2016
InstallationDate: Installed on 2016-01-24 (178 days ago)
InstallationMedia: Xubuntu 14.04.3 LTS "Trusty Tahr" - Beta amd64 (20150805)
SourcePackage: linux-lts-wily
UpgradeStatus: No upgrade log present (probably fresh install)

See original description
Revision history for this message
Matteo Panella (mpanella) wrote :
Matteo Panella (mpanella)
description: updated
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.