subject:"Bug#825141\: dasd_mod\: module verification failed\: signature and\/or required key missing \- tainting kernel"

Bug#825141: dasd_mod: module verification failed: signature and/or required key missing - tainting kernel

2016-05-25 Thread Ben Hutchings

On Wed, 2016-05-25 at 20:56 -0400, Stephen Powell wrote:
> On Mon, May 23, 2016, at 22:16, Ben Hutchings wrote:
> > On Mon, 2016-05-23 at 21:06 -0400, Stephen Powell wrote:
> > > 
> > > The following message is received at boot time when booting the stock 
> > > Debian kernel
> > > version 4.5.3-2 on the s390x architecture:
> > > 
> > > dasd_mod: module verification failed: signature and/or required key 
> > > missing - tainting kernel
> > 
> > This is expected until we sort out support for loading signed modules
> > in unstable.
> > 
> 
> I've done a little research on this.  I haven't checked other architectures,
> but the stock s390x kernel for 4.5.3-2 (and today I also tried 4.5.4-1) has
> 
>    CONFIG_MODULE_SIG=y
>    # CONFIG_MODULE_SIG_ALL is not set
> 
> This seems to be the problem.

But is exactly what's needed for official linux and linux-signed
packages.

[...]
> I have been able to build a successful kernel using make-kpkg with both of the
> above options not set, as well as with both of them set to y.  But the
> combination of options currently used in the stock kernel is problematic
> for these tools.

That's why the config files included in linux-source packages are now
slightly different from those used in official packages.

Ben.

-- 
Ben Hutchings
Usenet is essentially a HUGE group of people passing notes in class.
  - Rachel Kadel, `A Quick Guide to Newsgroup
Etiquette'


signature.asc
Description: This is a digitally signed message part

Bug#825141: dasd_mod: module verification failed: signature and/or required key missing - tainting kernel

2016-05-25 Thread Stephen Powell

On Mon, May 23, 2016, at 22:16, Ben Hutchings wrote:
> On Mon, 2016-05-23 at 21:06 -0400, Stephen Powell wrote:
>> 
>> The following message is received at boot time when booting the stock Debian 
>> kernel
>> version 4.5.3-2 on the s390x architecture:
>> 
>> dasd_mod: module verification failed: signature and/or required key missing 
>> - tainting kernel
> 
> This is expected until we sort out support for loading signed modules
> in unstable.
> 

I've done a little research on this.  I haven't checked other architectures,
but the stock s390x kernel for 4.5.3-2 (and today I also tried 4.5.4-1) has

   CONFIG_MODULE_SIG=y
   # CONFIG_MODULE_SIG_ALL is not set

This seems to be the problem.  From what I've read, If CONFIG_MODULE_SIG=y, but
CONFIG_MODULE_SIG_ALL is not set, then the modules need to be manually signed
via

   scripts/sign-file

between the "make modules" and "make modules_install" phases of the build
process.  But automated tools for building debian kernel packages, such as
make-kpkg from kernel-package, "make deb-pkg", and I presume the tools you
use for building stock kernels as well, do not allow this manual signing step
to take place.

I have been able to build a successful kernel using make-kpkg with both of the
above options not set, as well as with both of them set to y.  But the
combination of options currently used in the stock kernel is problematic
for these tools.

-- 
  .''`. Stephen Powell
 : :'  :
 `. `'`
   `-

Bug#825141: dasd_mod: module verification failed: signature and/or required key missing - tainting kernel

2016-05-23 Thread Ben Hutchings

On Mon, 2016-05-23 at 21:06 -0400, Stephen Powell wrote:
> Package: linux
> Version: 4.5.3-2
> Severity: minor
> X-Debbugs-CC: debian-s...@lists.debian.org
> 
> The following message is received at boot time when booting the stock Debian 
> kernel
> version 4.5.3-2 on the s390x architecture:
> 
> dasd_mod: module verification failed: signature and/or required key missing - 
> tainting kernel

This is expected until we sort out support for loading signed modules
in unstable.

> The kernel does boot; but the kernel gets tainted, which disables lock 
> debugging.

Lock debugging is not enabled to start with.

Ben.

-- 
Ben Hutchings
Time is nature's way of making sure that everything doesn't happen at once.

signature.asc
Description: This is a digitally signed message part

Bug#825141: dasd_mod: module verification failed: signature and/or required key missing - tainting kernel

2016-05-23 Thread Stephen Powell

Package: linux
Version: 4.5.3-2
Severity: minor
X-Debbugs-CC: debian-s...@lists.debian.org

The following message is received at boot time when booting the stock Debian 
kernel
version 4.5.3-2 on the s390x architecture:

dasd_mod: module verification failed: signature and/or required key missing - 
tainting kernel

The kernel does boot; but the kernel gets tainted, which disables lock 
debugging.

-- 
  .''`. Stephen Powell
 : :'  :
 `. `'`
   `-

Bug#825141: dasd_mod: module verification failed: signature and/or required key missing - tainting kernel

Bug#825141: dasd_mod: module verification failed: signature and/or required key missing - tainting kernel

Bug#825141: dasd_mod: module verification failed: signature and/or required key missing - tainting kernel

Bug#825141: dasd_mod: module verification failed: signature and/or required key missing - tainting kernel

4 matches

Site Navigation

Mail list logo

Footer information