Ubuntu
linux-lts-xenial package

Cannot load modules with 16.04 on non uefi boards with normal bios and 32 bit

Bug #1656670 reported by Musbach
30
This bug affects 6 people
Affects Status Importance Assigned to Milestone
linux-lts-xenial (Ubuntu)
Confirmed
Medium
Unassigned

Bug Description

The secure boot option is supposed to work only for 64Bit and mainboard which support uefi. However, I experienced that a signature is mandatory also for non uefi boards with normal bios and 32 bit. My system is Ubuntu 16.04/32Bits and 4.4.0-59-generic kernel. I use the standard kernel.

1) If I build a module like I always did on Ubuntu 10.4 and 14.04 but now on 16.04 and try to load it, I get the following error in `dmesg | tail`: `module verification failed: signature and/or required key missing - tainting kernel`.

2) I create a key pair (`/usr/src/linux-headers-$(uname -r)/scripts/sign-file …`) and sign the module. `hexdump -C $(modinfo –n MY_MODULE) | tail` shows:
00004e60 7e 4d 6f 64 75 6c 65 20 73 69 67 6e 61 74 75 72 |~Module signatur|
00004e70 65 20 61 70 70 65 6e 64 65 64 7e 0a |e appended~.|
00004e7c

And tried to load the keys with ` sudo mokutil --import MOK.der ` but I get the error:

EFI variables are not supported on this system

3) I tried to disable the signature validation

# sudo mokutil --disable-validation
EFI variables are not supported on this system

4) I added in grub `noefi` and ` acpi_enforce_resources=lax`. But it had no effect. Ubuntu refuses to load the module.

5) IU was looking for the private key of the kernel in order to sign my generated key with the kernel key. If I would found the private key, it would have completely useless to introduce signatures to Ubuntu J

6 Try) Suggestions by Rod Smith to install the MokManager.efi were not successful because it requires an uefi motherboard.

Other tries are suggested by Rod Smith here (http://askubuntu.com/questions/765509/login-broken-after-15-10-16-04-lts-upgrade-related-to-nvidia-driver). To use older version of grub is considered not be the best idea. The build of a new kernel is principle possible but the question is which kernel parameter have to be change? The answer is difficult because it is a bug in Ubuntu.

Could you please fix the bug? Please let me know I you need more information.

See original description
Musbach (frank-musbach)
information type: Private Security → Public
Revision history for this message
Hans Joachim Desserud (hjd) wrote :

Hello :)

I'm not sure how the report ended up here, but this issue doesn't seem related to Widelands. I've therefore taken the liberty of moving it to the Ubuntu bug tracker. I'm not familiar with the details here, so I don't know whether this would fall in under the kernel package, grub or possibly some third option.

affects: widelands → ubuntu
tags: added: xenial
Revision history for this message
Musbach (frank-musbach) wrote :

Hi Hans Joachim,
Yes, Ubuntu is correct. Sorry, this was my mistake. Thanks,
Best regards

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in ubuntu:
status: New → Confirmed
Musbach (frank-musbach)
description: updated
Revision history for this message
Musbach (frank-musbach) wrote :

Assigned it to package linux-lts-xenial

affects: ubuntu → linux-lts-xenial (Ubuntu)
Revision history for this message
Musbach (frank-musbach) wrote :
Download full text (6.5 KiB)

I see a crash in dmesg if I do twice “modprobe my_module”. On the terminal I see always the same error message: “modprobe: ERROR: could not insert 'my_module': Device or resource busy “. "lsmod | grep my_module" returns always no results

The first time I see in dmesg:

[ 719.768057] my_module: module verification failed: signature and/or required key missing - tainting kernel
[ 719.768358] my_module_init_struct: Phys start e3000000, start f9600000, nc-start f9a00000

The second time I see:

[ 1576.030967] perf interrupt took too long (5001 > 5000), lowering kernel.perf_event_max_sample_rate to 25000
[43637.770909] my_module_init_struct: Phys start e3000000, start f9e00000, nc-start fa200000
[43638.998400] ------------[ cut here ]------------
[43638.998415] WARNING: CPU: 0 PID: 3862 at /build/linux-5Vy7q8/linux-4.4.0/fs/sysfs/dir.c:31 sysfs_warn_dup+0x60/0x70()
[43638.998418] sysfs: cannot create duplicate filename '/class/my_module'
[43638.998419] Modules linked in: my_module(OE+) lirc_dev rc_core jfs gpio_ich snd_hda_codec_realtek snd_hda_codec_generic snd_hda_intel coretemp kvm_intel snd_hda_codec snd_hda_core snd_hwdep kvm snd_pcm snd_seq_midi snd_seq_midi_event irqbypass snd_rawmidi snd_seq input_leds snd_seq_device snd_timer lpc_ich serio_raw snd soundcore shpchp 8250_fintek mac_hid hwmon_vid sunrpc eeprom parport_pc ppdev lp parport autofs4 uvesafb uas usb_storage psmouse ahci firewire_ohci i915 libahci firewire_core crc_itu_t pata_acpi video i2c_algo_bit r8169 drm_kms_helper fjes syscopyarea sysfillrect sysimgblt mii fb_sys_fops drm
[43638.998471] CPU: 0 PID: 3862 Comm: modprobe Tainted: G OE 4.4.0-59-generic #80-Ubuntu
[43638.998473] Hardware name: Kontron Technology 986LCD-M/mITX/986LCD-M/mITX, BIOS 080013 03/04/2011
[43638.998476] c1ad7967 1c7090b8 00000286 f17b7c64 c13ab85f f17b7ca4 c19f07a8 f17b7c94
[43638.998481] c1070427 c19f0774 f17b7cc4 00000f16 c19f07a8 0000001f c1250120 c1250120
[43638.998487] f1112000 f20e1400 f63ac1b0 f17b7cb0 c107049e 00000009 f17b7ca4 c19f0774
[43638.998492] Call Trace:
[43638.998500] [<c13ab85f>] dump_stack+0x58/0x79
[43638.998505] [<c1070427>] warn_slowpath_common+0x87/0xc0
[43638.998508] [<c1250120>] ? sysfs_warn_dup+0x60/0x70
[43638.998511] [<c1250120>] ? sysfs_warn_dup+0x60/0x70
[43638.998514] [<c107049e>] warn_slowpath_fmt+0x3e/0x60
[43638.998517] [<c1250120>] sysfs_warn_dup+0x60/0x70
[43638.998520] [<c12501f8>] sysfs_create_dir_ns+0x78/0x90
[43638.998524] [<c13ae531>] kobject_add_internal+0xa1/0x360
[43638.998528] [<c118d635>] ? kfree_const+0x25/0x30
[43638.998531] [<c13ae91c>] kset_register+0x3c/0x60
[43638.998535] [<c14fef22>] __class_register+0xc2/0x1e0
[43638.998538] [<c14ff068>] ? __class_create+0x28/0x70
[43638.998541] [<c14ff084>] __class_create+0x44/0x70
[43638.998544] [<f8e21000>] ? 0xf8e21000
[43638.998549] [<f8e21040>] my_module_init+0x40/0x1000 [my_module]
[43638.998553] [<c100211a>] do_one_initcall+0xaa/0x200
[43638.998555] [<f8e21000>] ? 0xf8e21000
[43638.998560] [<c11ac3c5>] ? free_vmap_area_noflush+0x45/0xa0
[43638.998564] [<c11c3565>] ? kmem_cache_alloc_trace+0x185/0x1e0
[43638.998568] [<c11704fa>] ? do_init_module+0x21/0x1a6
[43638.99857...

Read more...

Alberto Salvia Novella (es20490446e)
Changed in linux-lts-xenial (Ubuntu):
importance: Undecided → Medium
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Related questions

Remote bug watches

Bug watches keep track of this bug in other bug trackers.