Hello Dan, or anyone else affected,

Accepted dkms into xenial-proposed. The package will build now and be
available at
https://launchpad.net/ubuntu/+source/dkms/2.2.0.3-2ubuntu11.6 in a few
hours, and then in the -proposed repository.

Please help us by testing this new package.  See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how
to enable and use -proposed.  Your feedback will aid us getting this
update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested and change the tag from
verification-needed-xenial to verification-done-xenial. If it does not
fix the bug for you, please add a comment stating that, and change the
tag to verification-failed-xenial. In either case, without details of
your testing we will not be able to proceed.

Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification .  Thank you in
advance for helping!

N.B. The updated package will be released to -updates after the bug(s)
fixed by this package have been verified and the package has been in
-proposed for a minimum of 7 days.

** Changed in: dkms (Ubuntu Xenial)
       Status: New => Fix Committed

** Tags added: verification-needed verification-needed-xenial

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to dkms in Ubuntu.
https://bugs.launchpad.net/bugs/1772950

Title:
  dkms key enrolled in mok, but dkms module fails to load

Status in dkms package in Ubuntu:
  Fix Released
Status in dkms source package in Xenial:
  Fix Committed
Status in dkms source package in Bionic:
  Fix Released

Bug description:
  [Impact]
  All Ubuntu users for whom Secure Boot is enabled.

  [Test cases]
  1) install dkms module (use virtualbox-dkms for example)
  2) Upgrade kernel (for example, install 4.15.0-22-generic on top of 
4.15.0-20-generic).
  3) Verify that the generated module for the new kernel (4.15.0-22-generic in 
this example) is built and signed by verifying that the file in 
/lib/modules/$kernel/updates/dkms/$module.ko ends in ~Module signature 
appended~:

  $ hexdump -Cv /lib/modules/4.15.0-22-generic/updates/dkms/vboxdrv.ko | tail 
-n 100
  [...]
  ~Module signature appended~

  4) Reboot
  5) modprobe -v the module.
  It should not respond "Required key not available", and should return with no 
error.
  6) Verify that dkms does not contain PKCS#7 errors.

  
  [Regression potential]
  Possible regressions involve failure to sign and/or be able to load modules 
after updates: failure to sign leading to a module being built but unsigned 
after a new kernel is installed or after a new DKMS module is installed, 
failure to load modules after reboot (usually caused by module being unsigned); 
failure to sign due to missing keys, signature key not being automatically 
slated for enrollment. All these potential regression scenarios present as 
failure to load a DKMS module after a reboot when it should be loaded 
successfully.

  ---

  At my last reboot, I was prompted to enable SecureBoot, so I did.

  When I booted, however, I noticed that the virtualbox service failed
  to start because it couldn't load its kernel module.  If I attempt the
  same thing, I see that there's an issue with keys:

  $ sudo modprobe vboxdrv
  modprobe: ERROR: could not insert 'vboxdrv': Required key not available

  I do have keys enrolled; `mokutil --list-enrolled` produces
  http://paste.ubuntu.com/p/rntTQr5XJV/

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/dkms/+bug/1772950/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to     : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to