** Changed in: linux (Ubuntu)
Importance: Medium => High
** Changed in: linux (Ubuntu)
Status: Triaged => In Progress
** Changed in: linux (Ubuntu)
Assignee: (unassigned) => Seth Forshee (sforshee)
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1712168
Title:
Linux 4.12 refuses to load self-signed modules under Secure Boot with
properly enrolled keys
Status in linux package in Ubuntu:
In Progress
Bug description:
Since version 4.12, Linux refuses to load my self-signed VirtualBox
modules.
$ lsb_release -d
Description: Ubuntu Artful Aardvark (development branch)
$ uname -rvm
4.12.0-11-generic #12-Ubuntu SMP Fri Aug 11 12:26:42 UTC 2017 x86_64
$ sudo modprobe -v vboxdrv
insmod /lib/modules/4.12.0-11-generic/misc/vboxdrv.ko
modprobe: ERROR: could not insert 'vboxdrv': Required key not available
I've followed [this guide](https://askubuntu.com/a/768310/65926) to import
the key an sign the modules. It worked until kernel 4.11.
The key is properly enrolled:
$ sudo mokutil --test-key .mok/mok-eric-carvalho.der
.mok/mok-eric-carvalho.der is already enrolled
I think this happens because the kernel was built without
CONFIG_MODULE_SIG_UEFI:
$ ls -1 /boot/config-*
/boot/config-4.11.0-13-generic
/boot/config-4.12.0-11-generic
$ grep CONFIG_MODULE_SIG_UEFI /boot/config-*
/boot/config-4.11.0-13-generic:CONFIG_MODULE_SIG_UEFI=y
Same problem with kernel 4.12.0-12.13 from the proposed repository.
ProblemType: Bug
DistroRelease: Ubuntu 17.10
Package: linux-image-4.12.0-11-generic 4.12.0-11.12
ProcVersionSignature: Ubuntu 4.12.0-11.12-generic 4.12.5
Uname: Linux 4.12.0-11-generic x86_64
ApportVersion: 2.20.6-0ubuntu6
Architecture: amd64
AudioDevicesInUse:
USER PID ACCESS COMMAND
/dev/snd/controlC1: carvalho 3077 F.... pulseaudio
/dev/snd/controlC0: carvalho 3077 F.... pulseaudio
CurrentDesktop: Budgie:GNOME
Date: Mon Aug 21 15:37:56 2017
HibernationDevice: RESUME=UUID=8766d3eb-a19c-403c-829a-ff5fa7878e87
InstallationDate: Installed on 2016-12-15 (249 days ago)
InstallationMedia: Ubuntu 17.04 "Zesty Zapus" - Alpha amd64 (20161214)
MachineType: LENOVO 80JE
ProcFB: 0 inteldrmfb
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.12.0-11-generic.efi.signed
root=UUID=ca49cfac-7b28-4152-bf45-006806f69224 ro quiet splash vt.handoff=7
RelatedPackageVersions:
linux-restricted-modules-4.12.0-11-generic N/A
linux-backports-modules-4.12.0-11-generic N/A
linux-firmware 1.167
SourcePackage: linux
UpgradeStatus: No upgrade log present (probably fresh install)
dmi.bios.date: 09/30/2016
dmi.bios.vendor: LENOVO
dmi.bios.version: B0CNA0WW
dmi.board.asset.tag: NO Asset Tag
dmi.board.name: Lancer 4A1
dmi.board.vendor: LENOVO
dmi.board.version: SDK0J40688 WIN
dmi.chassis.asset.tag: NO Asset Tag
dmi.chassis.type: 10
dmi.chassis.vendor: LENOVO
dmi.chassis.version: Lenovo G40-80
dmi.modalias:
dmi:bvnLENOVO:bvrB0CNA0WW:bd09/30/2016:svnLENOVO:pn80JE:pvrLenovoG40-80:rvnLENOVO:rnLancer4A1:rvrSDK0J40688WIN:cvnLENOVO:ct10:cvrLenovoG40-80:
dmi.product.family: IDEAPAD
dmi.product.name: 80JE
dmi.product.version: Lenovo G40-80
dmi.sys.vendor: LENOVO
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1712168/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
