Ubuntu
linux-lts-wily package

  1. Bug #1604934
  2. Activity log

Activity log for bug #1604934

Date Who What changed Old value New value Message
2016-07-20 19:27:49 Matteo Panella bug added bug
2016-07-20 19:43:08 Matteo Panella description 4.2.0-42 was built without CONFIG_MODULE_SIG_UEFI so the kernel ignores the SecureBoot certificates and the user certificates enrolled as MOKs for module signature validation, forcing the user to either disable validation in shim through mokutil or disabling SecureBoot altogether. The current linux-lts-xenial build has CONFIG_MODULE_SIG_UEFI=y in its config file and the related symbols (load_uefi_certs, get_cert_list...) are present in System.map. On the other end, the current linux-lts-wily build lacks both: # grep MODULE_SIG_UEFI /boot/config-4.2.0-42-generic # grep load_uefi /boot/System.map-4.2.0-42-generic # grep MODULE_SIG_UEFI config-4.4.0-31-generic CONFIG_MODULE_SIG_UEFI=y # grep load_uefi System.map-4.4.0-31-generic ffffffff81d8431b t load_uefi_certs ffffffff81e917d8 t __initcall_load_uefi_certs7 ProblemType: Bug DistroRelease: Ubuntu 14.04 Package: linux-image-4.2.0-42-generic 4.2.0-42.49~14.04.1 ProcVersionSignature: Ubuntu 4.2.0-42.49~14.04.1-generic 4.2.8-ckt12 Uname: Linux 4.2.0-42-generic x86_64 ApportVersion: 2.14.1-0ubuntu3.21 Architecture: amd64 CurrentDesktop: XFCE Date: Wed Jul 20 21:18:31 2016 InstallationDate: Installed on 2016-01-24 (178 days ago) InstallationMedia: Xubuntu 14.04.3 LTS "Trusty Tahr" - Beta amd64 (20150805) SourcePackage: linux-lts-wily UpgradeStatus: No upgrade log present (probably fresh install) 4.2.0-42 was built without CONFIG_MODULE_SIG_UEFI so the kernel ignores the SecureBoot certificates and the user certificates enrolled as MOKs for module signature validation, forcing the user to either disable validation in shim through mokutil or disabling SecureBoot altogether. The current linux-lts-xenial build has CONFIG_MODULE_SIG_UEFI=y in its config file and the related symbols (load_uefi_certs, get_cert_list...) are present in System.map. On the other hand, the current linux-lts-wily build lacks both: # grep MODULE_SIG_UEFI /boot/config-4.2.0-42-generic # grep load_uefi /boot/System.map-4.2.0-42-generic # grep MODULE_SIG_UEFI config-4.4.0-31-generic CONFIG_MODULE_SIG_UEFI=y # grep load_uefi System.map-4.4.0-31-generic ffffffff81d8431b t load_uefi_certs ffffffff81e917d8 t __initcall_load_uefi_certs7 ProblemType: Bug DistroRelease: Ubuntu 14.04 Package: linux-image-4.2.0-42-generic 4.2.0-42.49~14.04.1 ProcVersionSignature: Ubuntu 4.2.0-42.49~14.04.1-generic 4.2.8-ckt12 Uname: Linux 4.2.0-42-generic x86_64 ApportVersion: 2.14.1-0ubuntu3.21 Architecture: amd64 CurrentDesktop: XFCE Date: Wed Jul 20 21:18:31 2016 InstallationDate: Installed on 2016-01-24 (178 days ago) InstallationMedia: Xubuntu 14.04.3 LTS "Trusty Tahr" - Beta amd64 (20150805) SourcePackage: linux-lts-wily UpgradeStatus: No upgrade log present (probably fresh install)