This bug is awaiting verification that the kernel in -proposed solves
the problem. Please test the kernel and update this bug with the
results. If the problem is solved, change the tag 'verification-needed-
focal' to 'verification-done-focal'. If the problem still exists, change
the tag 'verification-needed-focal' to 'verification-failed-focal'.

If verification is not done by 5 working days from today, this fix will
be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on
how to enable and use -proposed. Thank you!


** Tags added: verification-needed-focal

https://bugs.launchpad.net/bugs/1861238

Title:
  Root can lift kernel lockdown via USB/IP

Status in linux package in Ubuntu:
  In Progress
Status in linux-oem package in Ubuntu:
  New
Status in linux source package in Xenial:
  Invalid
Status in linux source package in Bionic:
  Fix Committed
Status in linux-oem source package in Bionic:
  Fix Committed
Status in linux source package in Disco:
  Fix Committed
Status in linux source package in Eoan:
  Fix Committed
Status in linux source package in Focal:
  In Progress

Bug description:
  [Impact]

  It's possible to turn off kernel lockdown by emulating a USB keyboard
  via USB/IP and sending an Alt+SysRq+X key combination through it.

  Ubuntu's kernels have USB/IP enabled (CONFIG_USBIP_VHCI_HCD=m and
  CONFIG_USBIP_CORE=m) with signed usbip_core and vhci_hcd modules
  provided in the linux-extra-modules-* package.

  See the PoC here: https://github.com/xairy/unlockdown#method-1-usbip

  [Test Case]

  $ git clone https://github.com/xairy/unlockdown.git
  $ cd unlockdown/01-usbip/
  $ sudo ./run.sh
  $ dmesg

  # Ensure there are no log entries talking about lifting lockdown:
  sysrq: SysRq : Disabling Secure Boot restrictions
  Lifting lockdown

  # You should see a SysRq help log entry because the Alt+SysRq+X
  # combination should be disabled
  sysrq: SysRq : HELP : loglevel(0-9) reboot(b) crash(c) terminate-all-tasks(e) memory-full-oom-kill(f) kill-all-tasks(i) thaw-filesystems(j) sak(k) show-backtrace-all-active-cpus(l) show-memory-usage(m) nice-all-RT-tasks(n) poweroff(o) show-registers(p) show-all-timers(q) unraw(r) sync(s) show-task-states(t) unmount(u) force-fb(V) show-blocked-tasks(w) dump-ftrace-buffer(z)

  [Regression Potential]

  Some users may see a usability regression due to the Lockdown lift
  sysrq combination being removed. Some users are known to disable
  lockdown, using the sysrq combination, in order to perform some
  "dangerous" operation such as writing to an MSR. It is believed that
  this is a small number of users but it is impossible to know for sure.

  Users that rely on this functionality may need to permanently disable
  secure boot using 'mokutil --disable-validation'.
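
The pass/fail criteria of the [Test Case] above, as an added shell example that is not part of the bug report or of any Ubuntu tooling: it maps a saved dmesg capture to the verification tag the notification asks for. The function name, the "inconclusive" verdict and the sample log lines (with invented timestamps) are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a kernel log captured after running the test case.
# Matched log strings and tag names come from the bug report; everything
# else (function name, "inconclusive" verdict, samples) is hypothetical.

classify_lockdown_log() {
    log=$1
    case $log in
        # Either message means Alt+SysRq+X was still honoured, so lockdown
        # was lifted. This takes precedence over any HELP entry in the log.
        *'Lifting lockdown'*|*'SysRq : Disabling Secure Boot restrictions'*)
            echo 'verification-failed-focal' ;;
        # The key combination arrived but has no handler any more, so the
        # kernel printed the SysRq help text instead.
        *'SysRq : HELP :'*)
            echo 'verification-done-focal' ;;
        # Neither message: the key combination never reached the SysRq
        # handler, so the run proves nothing either way.
        *)
            echo 'inconclusive' ;;
    esac
}

# Constructed sample logs for the three outcomes.
SAMPLE_VULNERABLE='[  101.000001] sysrq: SysRq : Disabling Secure Boot restrictions
[  101.000002] Lifting lockdown'
SAMPLE_FIXED='[  101.000001] sysrq: SysRq : HELP : loglevel(0-9) reboot(b) crash(c)'
SAMPLE_NO_SYSRQ='[  101.000001] usb 1-1: new low-speed USB device number 2 using vhci_hcd'

# Usage: sh check.sh saved-dmesg.txt   (capture first with: dmesg > saved-dmesg.txt)
if [ -f "${1:-}" ]; then
    classify_lockdown_log "$(cat "$1")"
fi
```

An "inconclusive" result means the test case should be rerun rather than the tag changed, since the absence of the lockdown messages alone does not show that the key combination was rejected.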
