This bug was fixed in the package dkms - 3.0.6-2ubuntu2
---------------
dkms (3.0.6-2ubuntu2) kinetic; urgency=medium
* Fix dkms signing regressions with cherry-picks from 3.0.7 upstream
git. LP: #1991725
- Reinstate enroll call, as it causes dpkg-trigger action during dpkg
transaction to enroll newly created key, if it wasn't enrolled yet.
-- Dimitri John Ledkov <[email protected]> Thu, 20 Oct 2022
12:34:29 +0100
** Changed in: dkms (Ubuntu Kinetic)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to dkms in Ubuntu.
https://bugs.launchpad.net/bugs/1991725
Title:
fails to sign kernel modules
Status in Release Notes for Ubuntu:
Fix Released
Status in dkms package in Ubuntu:
Fix Released
Status in dkms source package in Kinetic:
Fix Released
Bug description:
[Impact]
With the current state of the DKMS package, if a user attempts to
install any package that includes a third-party driver (Broadcom WiFi,
VirtualBox, v4l2loobpack, etc.), the process of signing the newly
built driver with a MOK key will fail silently. This means that any
packages and hardware that require third-party drivers are currently
unusable on a system with Secure Boot. This bug has been tested and
verified to occur with the bcmwl-kernel-source package, but also is
very likely to affect any other packages that use DKMS modules.
This fix for this is in the -proposed pocket at the moment, and has
been tested to work.
[Test plan]
1: Obtain a system with UEFI, Secure Boot, and Broadcom WiFi. (If Broadcom
WiFi is not an option, install VirtualBox in Step 9 rather than
bcmwl-kernel-source.)
2. Install Ubuntu on the system, but do not enable the installation of
third-party drivers.
3. When installation finishes, reboot.
4. When the system boots into the Ubuntu desktop, connect to the Internet
without WiFi, and update all packages on the system.
5. Enable -proposed.
6. Update *just* the DKMS package with "sudo apt install dkms".
7. Disable -proposed.
8. Run "sudo apt install bcmwl-kernel-source".
9. Reboot and enroll the MOK, then reboot again. The WiFi adapter should
begin working once Ubuntu boots.
[Where problems could occur]
Theoretically, a bug in the code could result in DKMS drivers still
not being signed in some instances (though there are no known
instances where this happens). But as Secure Boot + DKMS is already
entirely broken, even this kind of breakage would be an improvement
beyond what we already have. Given the rather obvious nature of such
breakage, thorough testing should be able to detect it with ease.
---
Original bug reports:
Expected on kinetic: dkms will sign built modules with MOK key if
requested.
What happens:
dkms outputs "Binary kmod-sign not found, modules won't be signed"
Fix:
update dkms to 3.0.7: https://github.com/dell/dkms/pull/242
---
dkms 3.0.6-2ubuntu2 is being tested in kinetic-proposed to resolve
this issue
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-release-notes/+bug/1991725/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
