Verified for all architectures in the 5.3.0-21.22 build that the signing status of all staging modules matches what is expected against drivers/staging/signature-inclusion, using the attached staging-sig- test.sh.
** Tags removed: verification-needed-eoan ** Tags added: verification-done-eoan -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1850234 Title: Fix signing of staging modules in eoan Status in linux package in Ubuntu: Fix Committed Status in linux source package in Eoan: Fix Committed Bug description: SRU Justification Impact: Staging drivers should not be signed, apart from a small list of selected modules in drivers/staging/signature-inclusion in the Ubuntu kernel source trees. Changes in eoan to the code which adds .gnu_debuglink sections and re-signs modules broke this, resulting in all staging modules being signed. Fix: Check for a signature on the module before adding the .gnu_debuglink section, and only sign the result if the original was signed. Test Case: Attached script which compares the built modules to the signature inclusion file and prints out any modules which are signed but not expected to be signed, and vice versa. Regression Potential: Unsigned modules cannot be loaded under lockdown, which is automatically enabled under secure boot. Some may have been using erroneously signed modules under secure boot and will no longer be able to do so. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1850234/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
