** Also affects: linux (Ubuntu Eoan)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1850234
Title:
Fix signing of staging modules in eoan
Status in linux package in Ubuntu:
In Progress
Status in linux source package in Eoan:
New
Bug description:
SRU Justification
Impact: Staging drivers should not be signed, apart from a small list
of selected modules in drivers/staging/signature-inclusion in the
Ubuntu kernel source trees. Changes in eoan to the code which adds
.gnu_debuglink sections and re-signs modules broke this, resulting in
all staging modules being signed.
Fix: Check for a signature on the module before adding the
.gnu_debuglink section, and only sign the result if the original was
signed.
Test Case: Attached script which compares the built modules to the
signature inclusion file and prints out any modules which are signed
but not expected to be signed, and vice versa.
Regression Potential: Unsigned modules cannot be loaded under
lockdown, which is automatically enabled under secure boot. Some may
have been using erroneously signed modules under secure boot and will
no longer be able to do so.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1850234/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
