Public bug reported: Hi,
I've been signing my DKMS modules manually for some time and it was working just fine with 17.04 but since I upgraded to 17.10 and signing the modules again the kernel rejects them. Version: Ubuntu 4.12.0-11.12-generic 4.12.5 ``` $ sudo mokutil --import MOK.der SKIP: MOK.der is already enrolled $ sudo /usr/src/linux-headers-4.12.0-11-generic/scripts/sign-file sha512 MOK.priv MOK.der /lib/modules/4.12.0-11-generic/updates/dkms/vboxdrv.ko $ sudo hexdump -C /lib/modules/4.12.0-11-generic/updates/dkms/vboxdrv.ko | tail 00085530 73 59 c9 38 05 53 a3 95 df df c6 ca 93 ef ad 87 |sY.8.S..........| 00085540 38 52 a4 41 4b b6 79 e7 1f 02 49 d7 ba 7c 60 21 |8R.AK.y...I..|`!| 00085550 94 9a b8 c2 d2 73 68 91 fc e8 12 c1 e9 68 21 eb |.....sh......h!.| 00085560 55 d1 0b 6f 4e 04 ee b2 e7 a7 47 42 07 bb 0e 3b |U..oN.....GB...;| 00085570 8a fa 9c d0 7f 1e d5 af 92 8a a3 db 13 32 6d f1 |.............2m.| 00085580 c0 c7 6a 31 c6 39 39 14 0d ec 19 73 7e 14 1b e6 |..j1.99....s~...| 00085590 8d 1b 5c 7a 0c 26 00 00 02 00 00 00 00 00 00 00 |..\z.&..........| 000855a0 01 8b 7e 4d 6f 64 75 6c 65 20 73 69 67 6e 61 74 |..~Module signat| 000855b0 75 72 65 20 61 70 70 65 6e 64 65 64 7e 0a |ure appended~.| 000855be $ sudo modprobe vboxdrv modprobe: ERROR: could not insert 'vboxdrv': Required key not available ``` dmesg shows: ``` [260594.834844] PKCS#7 signature not signed with a trusted key ``` It also seems like modinfo doesn't recognize/shows the signing details: ``` $ sudo modinfo /lib/modules/4.12.0-11-generic/updates/dkms/vboxdrv.ko filename: /lib/modules/4.12.0-11-generic/updates/dkms/vboxdrv.ko version: 5.1.26_Ubuntu r117224 (0x002a0000) license: GPL description: Oracle VM VirtualBox Support Driver author: Oracle Corporation srcversion: 135FF31DCB56FAD62FFCD36 depends: vermagic: 4.12.0-11-generic SMP mod_unload signat: PKCS#7 signer: sig_key: sig_hashalgo: md4 parm: force_async_tsc:force the asynchronous TSC mode (int) ``` ** Affects: linux (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1712804 Title: 4.12.0-11-generic rejects kernel modules signed with enrolled key Status in linux package in Ubuntu: New Bug description: Hi, I've been signing my DKMS modules manually for some time and it was working just fine with 17.04 but since I upgraded to 17.10 and signing the modules again the kernel rejects them. Version: Ubuntu 4.12.0-11.12-generic 4.12.5 ``` $ sudo mokutil --import MOK.der SKIP: MOK.der is already enrolled $ sudo /usr/src/linux-headers-4.12.0-11-generic/scripts/sign-file sha512 MOK.priv MOK.der /lib/modules/4.12.0-11-generic/updates/dkms/vboxdrv.ko $ sudo hexdump -C /lib/modules/4.12.0-11-generic/updates/dkms/vboxdrv.ko | tail 00085530 73 59 c9 38 05 53 a3 95 df df c6 ca 93 ef ad 87 |sY.8.S..........| 00085540 38 52 a4 41 4b b6 79 e7 1f 02 49 d7 ba 7c 60 21 |8R.AK.y...I..|`!| 00085550 94 9a b8 c2 d2 73 68 91 fc e8 12 c1 e9 68 21 eb |.....sh......h!.| 00085560 55 d1 0b 6f 4e 04 ee b2 e7 a7 47 42 07 bb 0e 3b |U..oN.....GB...;| 00085570 8a fa 9c d0 7f 1e d5 af 92 8a a3 db 13 32 6d f1 |.............2m.| 00085580 c0 c7 6a 31 c6 39 39 14 0d ec 19 73 7e 14 1b e6 |..j1.99....s~...| 00085590 8d 1b 5c 7a 0c 26 00 00 02 00 00 00 00 00 00 00 |..\z.&..........| 000855a0 01 8b 7e 4d 6f 64 75 6c 65 20 73 69 67 6e 61 74 |..~Module signat| 000855b0 75 72 65 20 61 70 70 65 6e 64 65 64 7e 0a |ure appended~.| 000855be $ sudo modprobe vboxdrv modprobe: ERROR: could not insert 'vboxdrv': Required key not available ``` dmesg shows: ``` [260594.834844] PKCS#7 signature not signed with a trusted key ``` It also seems like modinfo doesn't recognize/shows the signing details: ``` $ sudo modinfo /lib/modules/4.12.0-11-generic/updates/dkms/vboxdrv.ko filename: /lib/modules/4.12.0-11-generic/updates/dkms/vboxdrv.ko version: 5.1.26_Ubuntu r117224 (0x002a0000) license: GPL description: Oracle VM VirtualBox Support Driver author: Oracle Corporation srcversion: 135FF31DCB56FAD62FFCD36 depends: vermagic: 4.12.0-11-generic SMP mod_unload signat: PKCS#7 signer: sig_key: sig_hashalgo: md4 parm: force_async_tsc:force the asynchronous TSC mode (int) ``` To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1712804/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp