On Thu, 2022-06-16 at 01:28 +0200, Ben Hutchings wrote:
[...]

> linux-image-4.19.0-17-amd64 4.19.194-1 
> lib/modules/4.19.0-17-amd64/kernel/drivers/dma/dw/dw_dmac_core.ko
> linux-image-4.19.0-17-amd64 4.19.194-2 
> lib/modules/4.19.0-17-amd64/kernel/drivers/dma/dw/dw_dmac_core.ko
> linux-image-4.19.0-17-amd64 4.19.194-3 
> lib/modules/4.19.0-17-amd64/kernel/drivers/dma/dw/dw_dmac_core.ko
[...]
> A significant pattern visible here is a short signature for the same
> module in multiple consecutive versions, where the module may have
> identical contents.  That implies that this is a reproducible issue for
> certain inputs that cannot be worked around by re-running the signing
> process.
>
> However, I have *not* yet verified that all short signatures really are
> invalid.

These module files are indeed identical, and their signatures are
rejected by the kernel.

I'm now looking at whether the missing bytes are recoverable (e.g. are
they always zeroes).

Incidentally, this is a failure rate of 75 out of 4,967,591 signatures,
or 0.0015%, so it's not surprising that other source packages have not
yet been affected.

Ben.

-- 
Ben Hutchings
The Peter principle: In a hierarchy, every employee tends to rise to
their level of incompetence.
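
An added example, not part of the message above or of any Debian tooling: one way to check a set of signed modules for the pattern described in the thread, identical module contents carrying a signature shorter than usual. It uses the kernel's appended-signature trailer (the `~Module signature appended~` marker preceded by `struct module_signature`). The assumptions are that a short signature shows up as a smaller `sig_len` in that trailer, that the caller supplies the expected length, and that the sample bytes and the names `split_signed_module`, `short_signatures` and `make_sample` are constructed for illustration.

```python
import hashlib
import struct

MAGIC = b"~Module signature appended~\n"  # marker at the very end of a signed module
INFO = struct.Struct(">BBBBB3xI")         # struct module_signature; sig_len is big-endian
PKEY_ID_PKCS7 = 2                         # id_type used for PKCS#7 module signatures


def split_signed_module(data):
    """Split a signed module into (payload, signature blob)."""
    if not data.endswith(MAGIC):
        raise ValueError("no appended signature")
    info_end = len(data) - len(MAGIC)
    info_start = info_end - INFO.size
    if info_start < 0:
        raise ValueError("truncated trailer")
    algo, hash_, id_type, signer_len, key_id_len, sig_len = INFO.unpack(
        data[info_start:info_end])
    if id_type != PKEY_ID_PKCS7 or algo or hash_ or signer_len or key_id_len:
        raise ValueError("unexpected signature info fields")
    if sig_len > info_start:
        raise ValueError("sig_len larger than file")
    sig_start = info_start - sig_len
    return data[:sig_start], data[sig_start:info_start]


def short_signatures(modules, expected_len):
    """Return (label, sha256 of payload, sig length) for signatures below expected_len."""
    rows = []
    for label, data in modules:
        payload, sig = split_signed_module(data)
        if len(sig) < expected_len:
            rows.append((label, hashlib.sha256(payload).hexdigest(), len(sig)))
    return rows


def make_sample(payload, sig_len):
    """Constructed input: filler bytes stand in for the PKCS#7 blob."""
    info = INFO.pack(0, 0, PKEY_ID_PKCS7, 0, 0, sig_len)
    return payload + b"\xaa" * sig_len + info + MAGIC


EXPECTED_LEN = 16  # toy value for the sample; the real one depends on key and certificate
SAMPLE = [  # constructed data, labelled with the versions quoted in the thread
    ("4.19.194-1", make_sample(b"same module bytes", 15)),
    ("4.19.194-2", make_sample(b"same module bytes", 15)),
    ("4.19.194-3", make_sample(b"same module bytes", 15)),
    ("other module", make_sample(b"different bytes", 16)),
]

if __name__ == "__main__":
    for row in short_signatures(SAMPLE, EXPECTED_LEN):
        print(row)
```

Rows that share a payload digest across versions correspond to the "identical contents" case; the length check alone does not say whether the kernel would accept the signature.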
