Looks like the "integrity: Unable to open file" are still reported as "kern: err" rather than warnings like the patch (https://lists.ubuntu.com/archives/kernel-team/2017-February/082526.html) was supposed to. And, looks like the "vio vio: uevent:" error occurs only on boot, and does not seem to appear when the system is running.
Looks like /etc/keys/x509-blah is missing in initramfs? May be because the feature is not supported? But seems like the right thing to do is to downgrade the err to warn.
Fresh install of 18.04 on Power9 system, installed linux-image- generic- hwe-18. 04
ubuntu@bobone:~$ uname -a
Linux bobone 4.18.0-18-generic #19~18.04.1-Ubuntu SMP Fri Apr 5 10:21:11 UTC 2019 ppc64le ppc64le ppc64le GNU/Linux
ubuntu@bobone:~$
ubuntu@bobone:~$ dmesg -xT -l emerg,alert, crit,err x509_ima. der (-2) x509_evm. der (-2)
kern :err : [Fri Apr 19 21:12:08 2019] integrity: Unable to open file: /etc/keys/
kern :err : [Fri Apr 19 21:12:08 2019] integrity: Unable to open file: /etc/keys/
kern :err : [Fri Apr 19 21:12:08 2019] vio vio: uevent: failed to send synthetic uevent
kern :err : [Fri Apr 19 21:12:14 2019] vio vio: uevent: failed to send synthetic uevent
ubuntu@bobone:~$
Looks like the "integrity: Unable to open file" are still reported as "kern: err" rather than warnings like the patch (https:/ /lists. ubuntu. com/archives/ kernel- team/2017- February/ 082526. html) was supposed to. And, looks like the "vio vio: uevent:" error occurs only on boot, and does not seem to appear when the system is running.
Looks like /etc/keys/x509-blah is missing in initramfs? May be because the feature is not supported? But seems like the right thing to do is to downgrade the err to warn.
buntu@bobone:~$ dmesg | grep ima 600c3c0000000 (primary) ranges: x509_ima. der (-2)
[ 0.000000] PCI host bridge /pciex@
[ 2.379848] ima: Allocated hash algorithm: sha256
[ 2.518823] evm: security.ima
[ 2.618501] integrity: Unable to open file: /etc/keys/
ubuntu@bobone:~$
ubuntu@bobone:~$ dmesg | grep evm SMACK64EXEC SMACK64TRANSMUT E SMACK64MMAP x509_evm. der (-2)
[ 2.518625] evm: Initialising EVM extended attributes:
[ 2.518651] evm: security.selinux
[ 2.518676] evm: security.SMACK64
[ 2.518691] evm: security.
[ 2.518716] evm: security.
[ 2.518740] evm: security.
[ 2.518773] evm: security.apparmor
[ 2.518823] evm: security.ima
[ 2.518855] evm: security.capability
[ 2.518878] evm: HMAC attrs: 0x1
[ 2.618504] integrity: Unable to open file: /etc/keys/
ubuntu@bobone:~$
Reference: https:/ /bugs.launchpad .net/ubuntu/ +source/ linux/+ bug/1656908