** Tags added: cscc
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1798863
Title:
18.10 kernel does not appear to validate kernel module signatures
correctly
To manage notifications about this bug
** Changed in: linux (Ubuntu)
Status: In Progress => Fix Released
That is unlikely to be true. Please file a new bug report and describe
in your own words what is happening and why you believe it is a bug.
Still facing the same problem!
Machine: MSI GV62 7RD
Processor: Intel® Core™ i7-7700HQ CPU @ 2.80GHz × 8
Graphics: GeForce GTX 1050/PCIe/SSE2
Operating System: Ubuntu 18.10
Kernel: 4.18.0-15-generic
This bug was erroneously marked for verification in bionic; verification
is not required and verification-needed-bionic is being removed.
** Tags removed: verification-needed-bionic
** Tags added: kernel-fixup-verification-needed-bionic verification-done-bionic
I'm confused about the above message. This bug never affected the kernel
in Bionic AFAIK. Or is this referring to the HWE kernel for Bionic from
Cosmic for 18.04.2? In that case, why isn't this change already included
in the HWE kernel as it was imported from Cosmic, rather than needing to
be broug
This bug is awaiting verification that the kernel in -proposed solves
the problem. Please test the kernel and update this bug with the
results. If the problem is solved, change the tag
'verification-needed-bionic' to 'verification-done-bionic'. If the problem still exists,
change the tag 'verifica
This bug was fixed in the package linux - 4.18.0-12.13
---
linux (4.18.0-12.13) cosmic; urgency=medium
* linux: 4.18.0-12.13 -proposed tracker (LP: #1802743)
* [FEAT] Guest-dedicated Crypto Adapters (LP: #1787405)
- s390/zcrypt: Add ZAPQ inline function.
- s390/zcrypt: Re
Based on the above comments, I'm marking verification done for Cosmic.
Thank you!
** Tags removed: verification-needed-cosmic
** Tags added: verification-done-cosmic
Daniel: A message is printed for only the first time a module signature
verification fails for any reason, so if you tested the "signed with key
not enrolled in the MOK" and then "not signed" cases in the same boot
you will only see a message for the first one. If you reboot and then
retest the "no
Hi Daniel Dadap,
Thank you for your feedback.
Yes, I do see the expected behavior now with signed modules, both when
the signing key is enrolled in the MOK (module loads, no verification
error) and when it is not enrolled in the MOK (module fails to load due
to verification error.) However, the behavior is not quite what I expect
when a module
Just to confirm, this is with the 4.18.0-12-generic x86_64 kernel from
cosmic-proposed.
Hi Daniel Dadap,
Could you please verify if the Cosmic kernel currently in -proposed
fixes the issue?
Thank you.
Hi Thanh Tung,
Please do not manually change a series release task to 'Fix Released',
that is done automatically by a bot when the package hits -updates.
Thank you.
** Changed in: linux (Ubuntu Cosmic)
Status: Fix Released => Fix Committed
** Changed in: linux (Ubuntu Cosmic)
Status: Fix Committed => Fix Released
This bug is awaiting verification that the kernel in -proposed solves
the problem. Please test the kernel and update this bug with the
results. If the problem is solved, change the tag
'verification-needed-cosmic' to 'verification-done-cosmic'. If the problem still exists,
change the tag 'verifica
** Changed in: linux (Ubuntu Cosmic)
Status: In Progress => Fix Committed
** Description changed:
+ SRU Justification
+
+ Impact: An bug in the secure boot lockdown patches in the 18.10 kernel
+ causes the results of module signature verification to be ignored,
+ allowing modules with no signature or an invalid signature to be loaded.
+ A second bug results in the MOK
Cool, glad you were able to track down the problems. Sorry if my report
that module signature verification was disabled and couldn't be
re-enabled was misleading. That's what I thought was happening; I didn't
think to imagine that the enforcement of the "valid signature required"
policy wasn't tak
Use CVE-2018-18653.
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-18653
I need to make a correction to the last sentence of my last comment.
Signature verification is performed but the result is effectively
ignored due to the configuration options mentioned earlier in that
comment.
I've requested a CVE for this issue. I wanted to provide some more
context as other Linux distributions will likely be reading this bug
report once the CVE assignment occurs.
This flaw is introduced by certain configuration options in combination
with this out-of-tree patch from the Lockdown patch
Based on Seth's response there is no reason to suspect shim here.
** Changed in: shim (Ubuntu Cosmic)
Status: In Progress => Invalid
I can clarify what's happening in the kernel. There are two bugs, and
one is masking the other.
The first bug is that we don't use the secondary keyring for verifying
module signatures. The secondary keyring is where the MOK ends.
The second bug is that we aren't enforcing that modules must be si
Opening a task for shim; I want to check whether this is doing what it
is supposed to, at least on a new install.
** Also affects: shim (Ubuntu)
Importance: Undecided
Status: New
** Changed in: shim (Ubuntu Cosmic)
Status: New => In Progress
** Changed in: shim (Ubuntu Cosmic)
There's a bit I don't understand:
"* Signature verification appears to be disabled, and cannot be enabled
again. It appeared to be enabled previously, as loading of unsigned
modules was failing, and `mokutil --enable-validation` runs without
incident; however, upon the next boot when attempting to
** Changed in: linux (Ubuntu Cosmic)
Status: Confirmed => In Progress
** Changed in: linux (Ubuntu Cosmic)
Status: Incomplete => Confirmed
** Changed in: linux (Ubuntu Cosmic)
Assignee: (unassigned) => Seth Forshee (sforshee)
apport information
** Tags added: apport-collected cosmic
** Description changed:
On a system with Ubuntu 18.10, with secure boot enabled, and a key
enrolled in the MOK database, I am observing the following peculiar
behaviors:
* Signature verification appears to be disabled, and cann
This could be a duplicate of bug 1798940
** Changed in: linux (Ubuntu)
Importance: Undecided => Medium
** Also affects: linux (Ubuntu Cosmic)
Importance: Medium
Status: Incomplete