Ubuntu
linux package

Regression: modules in bionic -hwe-18.04-edge kernels aren't signed since 5.3.0-22

Bug #1852799 reported by Malcolm Scott
10
This bug affects 2 people
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Confirmed
Undecided
Unassigned

Bug Description

In linux-modules-5.3.0-19-generic and earlier, on bionic, modules were signed (note "signat: PKCS#7"):

$ modinfo /lib/modules/5.3.0-19-generic/kernel/arch/x86/kernel/cpuid.ko
filename: /lib/modules/5.3.0-19-generic/kernel/arch/x86/kernel/cpuid.ko
license: GPL
description: x86 generic CPUID driver
author: H. Peter Anvin <email address hidden>
srcversion: 94362896973583C3E6E82D1
depends:
retpoline: Y
intree: Y
name: cpuid
vermagic: 5.3.0-19-generic SMP mod_unload
signat: PKCS#7
signer:
sig_key:
sig_hashalgo: md4

Recently they haven't been (note complete absence of signature fields):

$ modinfo /lib/modules/5.3.0-22-generic/kernel/arch/x86/kernel/cpuid.ko
filename: /lib/modules/5.3.0-22-generic/kernel/arch/x86/kernel/cpuid.ko
license: GPL
description: x86 generic CPUID driver
author: H. Peter Anvin <email address hidden>
srcversion: 94362896973583C3E6E82D1
depends:
retpoline: Y
intree: Y
name: cpuid
vermagic: 5.3.0-22-generic SMP mod_unload
$ modinfo /lib/modules/5.3.0-23-generic/kernel/arch/x86/kernel/cpuid.ko
filename: /lib/modules/5.3.0-23-generic/kernel/arch/x86/kernel/cpuid.ko
license: GPL
description: x86 generic CPUID driver
author: H. Peter Anvin <email address hidden>
srcversion: 94362896973583C3E6E82D1
depends:
retpoline: Y
intree: Y
name: cpuid
vermagic: 5.3.0-23-generic SMP mod_unload

As a result I can't load any modules if I boot via UEFI secure boot!

Tags: eoan
Revision history for this message
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote : Missing required logs.

This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:

apport-collect 1852799

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status: New → Incomplete
tags: added: eoan
Revision history for this message
Malcolm Scott (malcscott) wrote :

Not attaching logs since I can't boot the affected kernels, and this is a packaging issue.

Changed in linux (Ubuntu):
status: Incomplete → Confirmed
Revision history for this message
Tiago Marques (t28427) wrote :

Lost ability to boot, seems to be the same issue, as the modules are present in the initrd but don't seem to load.

Revision history for this message
Kai-Heng Feng (kaihengfeng) wrote :

Dupe of LP: #1852581?

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.