2018-05-23 16:02:03 |
Dan Watkins |
bug |
|
|
added bug |
2018-05-23 16:02:35 |
Dan Watkins |
bug |
|
|
added subscriber Steve Langasek |
2018-05-23 16:02:41 |
Dan Watkins |
bug |
|
|
added subscriber Mathieu Trudel-Lapierre |
2018-05-23 16:24:08 |
Steve Langasek |
dkms (Ubuntu): status |
New |
Incomplete |
|
2018-05-23 16:27:18 |
Steve Langasek |
dkms (Ubuntu): status |
Incomplete |
New |
|
2018-05-23 16:27:25 |
Steve Langasek |
dkms (Ubuntu): importance |
Undecided |
High |
|
2018-05-23 16:33:00 |
Steve Langasek |
dkms (Ubuntu): status |
New |
Triaged |
|
2018-05-23 16:34:07 |
Steve Langasek |
dkms (Ubuntu): importance |
High |
Critical |
|
2018-05-23 17:08:03 |
Steve Langasek |
dkms (Ubuntu): assignee |
|
Mathieu Trudel-Lapierre (cyphermox) |
|
2018-05-23 22:16:19 |
Mathieu Trudel-Lapierre |
description |
At my last reboot, I was prompted to enable SecureBoot, so I did.
When I booted, however, I noticed that the virtualbox service failed to start because it couldn't load its kernel module. If I attempt the same thing, I see that there's an issue with keys:
$ sudo modprobe vboxdrv
modprobe: ERROR: could not insert 'vboxdrv': Required key not available
I do have keys enrolled; `mokutil --list-enrolled` produces http://paste.ubuntu.com/p/rntTQr5XJV/ |
[Impact]
All Ubuntu users for whom Secure Boot is enabled.
[Test cases]
1) install dkms module (use virtualbox-dkms for example)
2) Upgrade kernel (for example, install 4.15.0-22-generic on top of 4.15.0-20-generic).
3) Verify that the generated module for the new kernel (4.15.0-22-generic in this example) is built and signed by verifying that the file in /lib/modules/$kernel/updates/dkms/$module.ko ends in ~Module signature appended~:
$ hexdump -Cv /lib/modules/4.15.0-22-generic/updates/dkms/vboxdrv.ko | tail -n 100
[...]
~Module signature appended~
4) Reboot
5) modprobe -v the module.
It should not respond "Required key not available", and should return with no error.
6) Verify that dkms does not contain PKCS#7 errors.
[Regression potential]
Possible regressions involve failure to sign and/or be able to load modules after updates: failure to sign leading to a module being built but unsigned after a new kernel is installed or after a new DKMS module is installed, failure to load modules after reboot (usually caused by module being unsigned); failure to sign due to missing keys, signature key not being automatically slated for enrollment. All these potential regression scenarios present as failure to load a DKMS module after a reboot when it should be loaded successfully.
---
At my last reboot, I was prompted to enable SecureBoot, so I did.
When I booted, however, I noticed that the virtualbox service failed to start because it couldn't load its kernel module. If I attempt the same thing, I see that there's an issue with keys:
$ sudo modprobe vboxdrv
modprobe: ERROR: could not insert 'vboxdrv': Required key not available
I do have keys enrolled; `mokutil --list-enrolled` produces http://paste.ubuntu.com/p/rntTQr5XJV/ |
|
2018-05-23 23:12:16 |
Launchpad Janitor |
dkms (Ubuntu): status |
Triaged |
Fix Released |
|
2018-05-24 18:15:54 |
Steve Langasek |
dkms (Ubuntu Bionic): status |
New |
Fix Committed |
|
2018-05-24 18:15:55 |
Steve Langasek |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
2018-05-24 18:15:58 |
Steve Langasek |
bug |
|
|
added subscriber SRU Verification |
2018-05-24 18:16:03 |
Steve Langasek |
tags |
|
verification-needed verification-needed-bionic |
|
2018-05-26 12:23:08 |
Francis Ginther |
tags |
verification-needed verification-needed-bionic |
id-5b0593ddfc4d344a05f862a7 verification-needed verification-needed-bionic |
|
2018-05-27 12:36:24 |
Francis Ginther |
tags |
id-5b0593ddfc4d344a05f862a7 verification-needed verification-needed-bionic |
id-5b0593ddfc4d344a05f862a7 id-5b05a00120e543dc26a03df7 verification-needed verification-needed-bionic |
|
2018-05-30 15:11:18 |
Mathieu Trudel-Lapierre |
tags |
id-5b0593ddfc4d344a05f862a7 id-5b05a00120e543dc26a03df7 verification-needed verification-needed-bionic |
id-5b0593ddfc4d344a05f862a7 id-5b05a00120e543dc26a03df7 verification-done-bionic |
|
2018-05-30 15:53:31 |
Launchpad Janitor |
dkms (Ubuntu Bionic): status |
Fix Committed |
Fix Released |
|
2018-05-30 15:53:34 |
Steve Langasek |
removed subscriber Ubuntu Stable Release Updates Team |
|
|
|
2019-02-05 20:41:53 |
Brian Murray |
dkms (Ubuntu Xenial): status |
New |
Fix Committed |
|
2019-02-05 20:41:56 |
Brian Murray |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
2019-02-05 20:42:01 |
Brian Murray |
tags |
id-5b0593ddfc4d344a05f862a7 id-5b05a00120e543dc26a03df7 verification-done-bionic |
id-5b0593ddfc4d344a05f862a7 id-5b05a00120e543dc26a03df7 verification-done-bionic verification-needed verification-needed-xenial |
|
2019-02-05 20:53:21 |
Brian Murray |
dkms (Ubuntu Trusty): status |
New |
Fix Committed |
|
2019-02-05 20:53:26 |
Brian Murray |
tags |
id-5b0593ddfc4d344a05f862a7 id-5b05a00120e543dc26a03df7 verification-done-bionic verification-needed verification-needed-xenial |
id-5b0593ddfc4d344a05f862a7 id-5b05a00120e543dc26a03df7 verification-done-bionic verification-needed verification-needed-trusty verification-needed-xenial |
|
2019-02-13 19:42:27 |
Mathieu Trudel-Lapierre |
tags |
id-5b0593ddfc4d344a05f862a7 id-5b05a00120e543dc26a03df7 verification-done-bionic verification-needed verification-needed-trusty verification-needed-xenial |
id-5b0593ddfc4d344a05f862a7 id-5b05a00120e543dc26a03df7 verification-done-bionic verification-done-trusty verification-needed-xenial |
|
2019-02-13 22:16:49 |
Mathieu Trudel-Lapierre |
tags |
id-5b0593ddfc4d344a05f862a7 id-5b05a00120e543dc26a03df7 verification-done-bionic verification-done-trusty verification-needed-xenial |
id-5b0593ddfc4d344a05f862a7 id-5b05a00120e543dc26a03df7 verification-done-bionic verification-done-trusty verification-done-xenial |
|
2019-02-14 16:49:40 |
Launchpad Janitor |
dkms (Ubuntu Trusty): status |
Fix Committed |
Fix Released |
|
2019-02-14 20:24:44 |
Launchpad Janitor |
dkms (Ubuntu Xenial): status |
Fix Committed |
Fix Released |
|