** Description changed: + [Impact] + All Ubuntu users for whom Secure Boot is enabled. + + [Test cases] + 1) install dkms module (use virtualbox-dkms for example) + 2) Upgrade kernel (for example, install 4.15.0-22-generic on top of 4.15.0-20-generic). + 3) Verify that the generated module for the new kernel (4.15.0-22-generic in this example) is built and signed by verifying that the file in /lib/modules/$kernel/updates/dkms/$module.ko ends in ~Module signature appended~: + + $ hexdump -Cv /lib/modules/4.15.0-22-generic/updates/dkms/vboxdrv.ko | tail -n 100 + [...] + ~Module signature appended~ + + 4) Reboot + 5) modprobe -v the module. + It should not respond "Required key not available", and should return with no error. + 6) Verify that dkms does not contain PKCS#7 errors. + + + [Regression potential] + Possible regressions involve failure to sign and/or be able to load modules after updates: failure to sign leading to a module being built but unsigned after a new kernel is installed or after a new DKMS module is installed, failure to load modules after reboot (usually caused by module being unsigned); failure to sign due to missing keys, signature key not being automatically slated for enrollment. All these potential regression scenarios present as failure to load a DKMS module after a reboot when it should be loaded successfully. + + --- + At my last reboot, I was prompted to enable SecureBoot, so I did. When I booted, however, I noticed that the virtualbox service failed to start because it couldn't load its kernel module. If I attempt the same thing, I see that there's an issue with keys: $ sudo modprobe vboxdrv modprobe: ERROR: could not insert 'vboxdrv': Required key not available I do have keys enrolled; `mokutil --list-enrolled` produces http://paste.ubuntu.com/p/rntTQr5XJV/
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1772950 Title: dkms key enrolled in mok, but dkms module fails to load To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dkms/+bug/1772950/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
