Ubuntu
linux package

Failure to validate module signature at boot time

Bug #1253155 reported by Stéphane Graber
178
This bug affects 44 people
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Fix Released
High
Tim Gardner
Precise
Invalid
Undecided
Andy Whitcroft
Quantal
Invalid
Undecided
Andy Whitcroft
Saucy
Fix Released
Medium
Tim Gardner
Trusty
Fix Released
High
Tim Gardner
linux-lts-raring (Ubuntu)
Invalid
Undecided
Unassigned
Precise
Fix Released
Medium
Andy Whitcroft
Quantal
Invalid
Undecided
Unassigned
Saucy
Invalid
Undecided
Unassigned
Trusty
Invalid
Undecided
Unassigned

Bug Description

When booting under secureboot and using a signed kernel, it's expected that all modules shipped alongside the kernel should validate and load successfully without tainting the kernel.

Unfortunately it doesn't seem to always be the case. Looking through my kernel logs, I see:

Nov 15 10:35:24 castiana kernel: [ 1.635132] video: module verification failed: signature and/or required key missing - tainting kernel

or

Nov 12 12:58:48 castiana kernel: [213981.753326] Request for unknown module key 'Magrathea: Glacier signing key: f440a253eb498df923d438caa09b3b5d99308405' err -11

ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: linux-image-3.12.0-2-generic 3.12.0-2.7
ProcVersionSignature: Ubuntu 3.12.0-2.7-generic 3.12.0
Uname: Linux 3.12.0-2-generic x86_64
ApportVersion: 2.12.7-0ubuntu1
Architecture: amd64
AudioDevicesInUse:
 USER PID ACCESS COMMAND
 /dev/snd/controlC1: stgraber 2721 F.... pulseaudio
 /dev/snd/controlC0: stgraber 2721 F.... pulseaudio
 /dev/snd/pcmC0D0c: stgraber 2721 F...m pulseaudio
 /dev/snd/pcmC0D0p: stgraber 2721 F...m pulseaudio
CurrentDesktop: Unity
Date: Wed Nov 20 11:59:57 2013
InstallationDate: Installed on 2013-04-21 (213 days ago)
InstallationMedia: Ubuntu 13.04 "Raring Ringtail" - Release amd64 (20130420)
MachineType: LENOVO 2306CT0
ProcFB: 0 inteldrmfb
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-3.12.0-2-generic.efi.signed root=UUID=14de4e20-b139-488e-863f-ec710f776851 ro quiet splash "acpi_osi=!Windows 2012" vt.handoff=7
RelatedPackageVersions:
 linux-restricted-modules-3.12.0-2-generic N/A
 linux-backports-modules-3.12.0-2-generic N/A
 linux-firmware 1.117
SourcePackage: linux
StagingDrivers: zram
UpgradeStatus: No upgrade log present (probably fresh install)
dmi.bios.date: 08/27/2013
dmi.bios.vendor: LENOVO
dmi.bios.version: G2ET96WW (2.56 )
dmi.board.asset.tag: Not Available
dmi.board.name: 2306CT0
dmi.board.vendor: LENOVO
dmi.board.version: NO DPK
dmi.chassis.asset.tag: No Asset Information
dmi.chassis.type: 10
dmi.chassis.vendor: LENOVO
dmi.chassis.version: Not Available
dmi.modalias: dmi:bvnLENOVO:bvrG2ET96WW(2.56):bd08/27/2013:svnLENOVO:pn2306CT0:pvrThinkPadX230:rvnLENOVO:rn2306CT0:rvrNODPK:cvnLENOVO:ct10:cvrNotAvailable:
dmi.product.name: 2306CT0
dmi.product.version: ThinkPad X230
dmi.sys.vendor: LENOVO

Revision history for this message
Stéphane Graber (stgraber) wrote :
Revision history for this message
Stéphane Graber (stgraber) wrote :

Attaching an older kernel log which contains the examples mentioned in the report.

Revision history for this message
Joseph Salisbury (jsalisbury) wrote :

Similar bug reports:
bug 1237394
bug 1241251

Changed in linux (Ubuntu):
status: New → Confirmed
importance: Undecided → High
tags: added: kernel-key
Revision history for this message
Seth Forshee (sforshee) wrote :

I get the "module verification failed" messages for libahci.ko. If the module is signed, running:

  hexdump -C /path/to/module | tail -n 5

should show the string "~Module signature appended~" at the end. I see that with i915.ko for example, but with video.ko and libahci.ko I do not. After a little poking around I'm fairly well convinced that the ones lacking signatures are all in the generic inclusion list. These modules must be getting stripped in such a way that the signatures are getting removed, or something like that.

Revision history for this message
Tim Gardner (timg-tpi) wrote :

This appears to be due to an objcopy that normally only happens on the buildds when a gnu debug section is added to a module ELF, e.g.,

objcopy --add-gnu-debuglink=$(dbgpkgdir)/usr/lib/debug/$$module $(pkgdir)/$$module

Changed in linux (Ubuntu):
assignee: nobody → Tim Gardner (timg-tpi)
Tim Gardner (timg-tpi)
Changed in linux (Ubuntu Saucy):
assignee: nobody → Tim Gardner (timg-tpi)
status: New → In Progress
Changed in linux (Ubuntu Trusty):
status: Confirmed → In Progress
Andy Whitcroft (apw)
Changed in linux (Ubuntu Trusty):
status: In Progress → Fix Committed
Changed in linux (Ubuntu Saucy):
status: In Progress → Fix Committed
Andy Whitcroft (apw)
Changed in linux (Ubuntu Saucy):
importance: Undecided → Medium
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 3.12.0-4.12

---------------
linux (3.12.0-4.12) trusty; urgency=low

  [ Andy Whitcroft ]

  * [Config] switch build-depends to libiberty-dev
    Fixes FTBS
  * Release tracker
    - LP: #1255322
 -- Tim Gardner <email address hidden> Tue, 26 Nov 2013 14:44:04 -0700

Changed in linux (Ubuntu Trusty):
status: Fix Committed → Fix Released
Revision history for this message
Brad Figg (brad-figg) wrote :

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-saucy' to 'verification-done-saucy'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-saucy
Revision history for this message
Pasi Tarhonen (pasi-tarhonen) wrote :

module "video" is not tainting the kernel anymore with this kernel version from proposed

linux-3.11.0-15-generic

Tim Gardner (timg-tpi)
tags: added: verification-done-saucy
removed: verification-needed-saucy
Masaki Tachibana (tachibana-5)
Changed in linux (Ubuntu Saucy):
status: Fix Committed → Fix Released
Revision history for this message
Masaki Tachibana (tachibana-5) wrote :

I'm so sorry. This operation is my mistake.
Status "Fix Commited" is right. But I can't rollback status.
Somebody, could you change status?

Joseph Salisbury (jsalisbury)
Changed in linux (Ubuntu Saucy):
status: Fix Released → Fix Committed
Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (13.3 KiB)

This bug was fixed in the package linux - 3.11.0-15.23

---------------
linux (3.11.0-15.23) saucy; urgency=low

  [Brad Figg]

  * Release Tracking Bug
    - LP: #1259259

  [ Tim Gardner ]

  * [Config] Build-in ohci-pci
    - LP: #1244176

linux (3.11.0-15.22) saucy; urgency=low

  [Brad Figg]

  * Release Tracking Bug
    - LP: #1257092

  [ Andy Whitcroft ]

  * [Config] CONFIG_DEBUG_BUGVERBOSE=y
    - LP: #1252353

  [ Benjamin Tissoires ]

  * SAUCE: (no-up) HID: appleir: force input to be set
    - LP: #1244505

  [ John Johansen ]

  * SAUCE: (no-up) apparmor: Fix tasks not subject to, reloaded policy
    - LP: #1236455

  [ Kamal Mostafa ]

  * SAUCE: (no-up) drm/i915: i915.disable_pch_pwm overrides PCH_PWM_ENABLE
    quirk
    - LP: #1163720

  [ Manoj Iyer ]

  * SAUCE: Enable earlyprintk via the PL011.
    - LP: #1248233

  [ Paolo Pisati ]

  * [Config] armhf: RTC_DRV_PL031=y
    - LP: #1252242
  * [Config] armhf: CPU_FREQ=y && ARM_HIGHBANK_CPUFREQ=y
    - LP: #1249397

  [ Rob Herring ]

  * [Config] armhf: PSTORE_RAM=y and PSTORE_CONSOLE=y
    - LP: #1248492
  * SAUCE: net: calxedaxgmac: add mac address learning
    - LP: #1248233

  [ Tim Gardner ]

  * [Debian] Re-sign modules after debug objcopy
    - LP: #1253155

  [ Upstream Kernel Changes ]

  * Revert "rt2x00pci: Use PCI MSIs whenever possible"
    - LP: #1257037
  * Revert "epoll: use freezable blocking call"
    - LP: #1257037
  * Revert "select: use freezable blocking call"
    - LP: #1257037
  * Revert "ima: policy for RAMFS"
    - LP: #1257037
  * ARM: tlb: don't perform inner-shareable invalidation for local TLB ops
    - LP: #1239800
  * ARM: 7855/1: Add check for Cortex-A15 errata 798181 ECO
    - LP: #1239800
  * mfd: rtsx: Modify rts5249_optimize_phy
    - LP: #1255297
  * usb: musb: start musb on the udc side, too
    - LP: #1257037
  * usb-storage: add quirk for mandatory READ_CAPACITY_16
    - LP: #1257037
  * USB: support new huawei devices in option.c
    - LP: #1257037
  * USB: quirks.c: add one device that cannot deal with suspension
    - LP: #1257037
  * USB: quirks: add touchscreen that is dazzeled by remote wakeup
    - LP: #1257037
  * USB: serial: ftdi_sio: add id for Z3X Box device
    - LP: #1257037
  * xhci: Don't enable/disable RWE on bus suspend/resume.
    - LP: #1257037
  * cifs: Fix inability to write files >2GB to SMB2/3 shares
    - LP: #1257037
  * x86: Update UV3 hub revision ID
    - LP: #1257037
  * cpufreq: s3c64xx: Rename index to driver_data
    - LP: #1257037
  * cpufreq / intel_pstate: Fix max_perf_pct on resume
    - LP: #1257037
  * bcache: Fixed incorrect order of arguments to bio_alloc_bioset()
    - LP: #1257037
  * HID: wiimote: add LEGO-wiimote VID
    - LP: #1257037
  * cgroup: fix to break the while loop in cgroup_attach_task() correctly
    - LP: #1257037
  * mac80211: correctly close cancelled scans
    - LP: #1257037
  * mac80211: drop spoofed packets in ad-hoc mode
    - LP: #1257037
  * mac80211: use sta_info_get_bss() for nl80211 tx and client probing
    - LP: #1257037
  * mac80211: update sta->last_rx on acked tx frames
    - LP: #1257037
  * mac80211: fix crash if bitrate calculation goes wrong
    - LP: #1257...

Changed in linux (Ubuntu Saucy):
status: Fix Committed → Fix Released
Andy Whitcroft (apw)
Changed in linux-lts-raring (Ubuntu Saucy):
status: New → Invalid
Changed in linux-lts-raring (Ubuntu):
status: New → Invalid
Changed in linux-lts-raring (Ubuntu Quantal):
status: New → Invalid
Changed in linux-lts-raring (Ubuntu Precise):
assignee: nobody → Andy Whitcroft (apw)
status: New → In Progress
Revision history for this message
Andy Whitcroft (apw) wrote :

This support does not exist before v3.7 and therefore does not affect quantal or precise.

Changed in linux (Ubuntu Quantal):
assignee: nobody → Andy Whitcroft (apw)
status: New → Invalid
Changed in linux (Ubuntu Precise):
status: New → Invalid
assignee: nobody → Andy Whitcroft (apw)
Andy Whitcroft (apw)
Changed in linux-lts-raring (Ubuntu Precise):
importance: Undecided → Medium
Revision history for this message
Andy Whitcroft (apw) wrote :

Patch for linux-lts-raring pushed to kernel-team@ for review for SRU.

Andy Whitcroft (apw)
Changed in linux-lts-raring (Ubuntu Precise):
status: In Progress → Fix Committed
Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (5.9 KiB)

This bug was fixed in the package linux-lts-raring - 3.8.0-38.56~precise1

---------------
linux-lts-raring (3.8.0-38.56~precise1) precise; urgency=low

  [ Andy Whitcroft ]

  * module signature does not use hash type in older releases

linux-lts-raring (3.8.0-38.55~precise1) precise; urgency=low

  [ Kamal Mostafa ]

  * Release Tracking Bug
    - LP: #1290512

  [ Tim Gardner ]

  * [Debian] Re-sign modules after debug objcopy
    - LP: #1253155

linux-lts-raring (3.8.0-38.54~precise1) precise; urgency=low

  [ Kamal Mostafa ]

  * Release Tracking Bug
    - LP: #1290512

  [ Upstream Kernel Changes ]

  * netfilter: nf_nat: fix access to uninitialized buffer in IRC NAT helper
    - LP: #1274684
    - CVE-2014-1690
  * crypto: ansi_cprng - Fix off by one error in non-block size request
    - LP: #1229981
    - CVE-2013-4345
  * xfs: underflow bug in xfs_attrlist_by_handle()
    - LP: #1256091
    - CVE-2013-6382
  * crypto: s390 - fix concurrency issue in aes-ctr mode
    - LP: #1289439
  * crypto: s390 - fix des and des3_ede cbc concurrency issue
    - LP: #1289439
  * crypto: s390 - fix des and des3_ede ctr concurrency issue
    - LP: #1289439
  * [media] mxl111sf: Fix unintentional garbage stack read
    - LP: #1289439
  * [media] mxl111sf: Fix compile when CONFIG_DVB_USB_MXL111SF is unset
    - LP: #1289439
  * [media] af9035: add ID [2040:f900] Hauppauge WinTV-MiniStick 2
    - LP: #1289439
  * arm64: vdso: prevent ld from aligning PT_LOAD segments to 64k
    - LP: #1289439
  * arm64: add DSB after icache flush in __flush_icache_all()
    - LP: #1289439
  * arm64: Invalidate the TLB when replacing pmd entries during boot
    - LP: #1289439
  * arm64: vdso: fix coarse clock handling
    - LP: #1289439
  * arm64: vdso: update wtm fields for CLOCK_MONOTONIC_COARSE
    - LP: #1289439
  * drm/mgag200,ast,cirrus: fix regression with drm_can_sleep conversion
    - LP: #1289439
  * x86, hweight: Fix BUG when booting with CONFIG_GCOV_PROFILE_ALL=y
    - LP: #1289439
  * mm/swap: fix race on swap_info reuse between swapoff and swapon
    - LP: #1289439
  * mm: __set_page_dirty_nobuffers() uses spin_lock_irqsave() instead of
    spin_lock_irq()
    - LP: #1289439
  * mm: __set_page_dirty uses spin_lock_irqsave instead of spin_lock_irq
    - LP: #1289439
  * staging:iio:ad799x fix error_free_irq which was freeing an irq that may
    not have been requested
    - LP: #1289439
  * KVM: return an error code in kvm_vm_ioctl_register_coalesced_mmio()
    - LP: #1289439
  * block: __elv_next_request() shouldn't call into the elevator if
    bypassing
    - LP: #1289439
  * power: max17040: Fix NULL pointer dereference when there is no
    platform_data
    - LP: #1289439
  * s390/dump: Fix dump memory detection
    - LP: #1289439
  * ath9k_htc: make ->sta_rc_update atomic for most calls
    - LP: #1289439
  * ath9k_htc: Do not support PowerSave by default
    - LP: #1289439
  * ar5523: fix usb id for Gigaset.
    - LP: #1289439
  * ath9k: Do not support PowerSave by default
    - LP: #1289439
  * spi: nuc900: Set SPI_LSB_FIRST for master->mode_bits if hw->pdata->lsb
    is true
    - LP: #1289439
  * usb: ftdi_sio: add Mindstorms EV3 console adapter
  ...

Read more...

Changed in linux-lts-raring (Ubuntu Precise):
status: Fix Committed → Fix Released
Revision history for this message
Sander Jonkers (jonkers) wrote :
Download full text (16.9 KiB)

I just installed kernel 3.19 on vivid (source: http://kernel.ubuntu.com/~kernel-ppa/mainline/v3.19-vivid/), and dmesg shows 129 lines with

Request for unknown module key 'Magrathea: Glacier signing key: 007271576a09d86ef244371b0633e47abb75b89d' err -11

So ... is this a regression bug? Or something went wrong with the signing of this kernel 3.19?

$ uname -a
Linux superstreamer 3.19.0-031900-generic #201502091451 SMP Mon Feb 9 14:52:52 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux

$ dmesg | grep -i glacier
[ 6.992226] Loaded X.509 cert 'Magrathea: Glacier signing key: 7271576a09d86ef244371b0633e47abb75b89d'
[ 7.066499] Request for unknown module key 'Magrathea: Glacier signing key: 007271576a09d86ef244371b0633e47abb75b89d' err -11
[ 7.066985] Request for unknown module key 'Magrathea: Glacier signing key: 007271576a09d86ef244371b0633e47abb75b89d' err -11
[ 7.069196] Request for unknown module key 'Magrathea: Glacier signing key: 007271576a09d86ef244371b0633e47abb75b89d' err -11
[ 7.084944] Request for unknown module key 'Magrathea: Glacier signing key: 007271576a09d86ef244371b0633e47abb75b89d' err -11
[ 7.089825] Request for unknown module key 'Magrathea: Glacier signing key: 007271576a09d86ef244371b0633e47abb75b89d' err -11
[ 7.156929] Request for unknown module key 'Magrathea: Glacier signing key: 007271576a09d86ef244371b0633e47abb75b89d' err -11
[ 7.192863] Request for unknown module key 'Magrathea: Glacier signing key: 007271576a09d86ef244371b0633e47abb75b89d' err -11
[ 7.979314] Request for unknown module key 'Magrathea: Glacier signing key: 007271576a09d86ef244371b0633e47abb75b89d' err -11
[ 8.115413] Request for unknown module key 'Magrathea: Glacier signing key: 007271576a09d86ef244371b0633e47abb75b89d' err -11
[ 8.119104] Request for unknown module key 'Magrathea: Glacier signing key: 007271576a09d86ef244371b0633e47abb75b89d' err -11
[ 8.196243] Request for unknown module key 'Magrathea: Glacier signing key: 007271576a09d86ef244371b0633e47abb75b89d' err -11
[ 8.199199] Request for unknown module key 'Magrathea: Glacier signing key: 007271576a09d86ef244371b0633e47abb75b89d' err -11
[ 8.228059] Request for unknown module key 'Magrathea: Glacier signing key: 007271576a09d86ef244371b0633e47abb75b89d' err -11
[ 8.273340] Request for unknown module key 'Magrathea: Glacier signing key: 007271576a09d86ef244371b0633e47abb75b89d' err -11
[ 8.274045] Request for unknown module key 'Magrathea: Glacier signing key: 007271576a09d86ef244371b0633e47abb75b89d' err -11
[ 8.274848] Request for unknown module key 'Magrathea: Glacier signing key: 007271576a09d86ef244371b0633e47abb75b89d' err -11
[ 8.284877] Request for unknown module key 'Magrathea: Glacier signing key: 007271576a09d86ef244371b0633e47abb75b89d' err -11
[ 8.286741] Request for unknown module key 'Magrathea: Glacier signing key: 007271576a09d86ef244371b0633e47abb75b89d' err -11
[ 8.297792] Request for unknown module key 'Magrathea: Glacier signing key: 007271576a09d86ef244371b0633e47abb75b89d' err -11
[ 8.312831] Request for unknown module key 'Magrathea: Glacier signing key: 007271576a09d86ef244371b0633e47abb75b89d' err -11
[ ...

Revision history for this message
Sander Jonkers (jonkers) wrote :

FWIW:

I also installed the lowlatency version of kernel 3.19, and that dmesg doesn't show the lines "Request for unknown module key 'Magrathea: Glacier signing key:"

sander@superstreamer:~$ uname -a
Linux superstreamer 3.19.0-031900-lowlatency #201502091451 SMP PREEMPT Mon Feb 9 14:58:45 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux

sander@superstreamer:~$ dmesg | grep -i glacier
[ 6.957630] Loaded X.509 cert 'Magrathea: Glacier signing key: 4b8b0790309384d5db8e13c15cd6ff49eeeeef07'

To be complete: before 3.19 I was running 3.19-rc7, and that dmesg neither showed the lines "Request for unknown module key 'Magrathea: Glacier signing key:"
So it's something specific to 3.19 generic (amd64)?

Revision history for this message
roan (roan-ss-q) wrote :
Download full text (31.4 KiB)

I installed the amd64 version of kernel 3.19 and have the same issue reported by Sander Jonkers (jonkers).

dmesg | grep -i glacier
[ 4.179034] Loaded X.509 cert 'Magrathea: Glacier signing key: 7271576a09d86ef244371b0633e47abb75b89d'
[ 4.208578] Request for unknown module key 'Magrathea: Glacier signing key: 007271576a09d86ef244371b0633e47abb75b89d' err -11
[ 4.208723] Request for unknown module key 'Magrathea: Glacier signing key: 007271576a09d86ef244371b0633e47abb75b89d' err -11
[ 4.210288] Request for unknown module key 'Magrathea: Glacier signing key: 007271576a09d86ef244371b0633e47abb75b89d' err -11
[ 4.211696] Request for unknown module key 'Magrathea: Glacier signing key: 007271576a09d86ef244371b0633e47abb75b89d' err -11
[ 4.213631] Request for unknown module key 'Magrathea: Glacier signing key: 007271576a09d86ef244371b0633e47abb75b89d' err -11
[ 4.935895] Request for unknown module key 'Magrathea: Glacier signing key: 007271576a09d86ef244371b0633e47abb75b89d' err -11
[ 4.935896] Request for unknown module key 'Magrathea: Glacier signing key: 007271576a09d86ef244371b0633e47abb75b89d' err -11
[ 4.935902] Request for unknown module key 'Magrathea: Glacier signing key: 007271576a09d86ef244371b0633e47abb75b89d' err -11
[ 4.936465] Request for unknown module key 'Magrathea: Glacier signing key: 007271576a09d86ef244371b0633e47abb75b89d' err -11
[ 4.936485] Request for unknown module key 'Magrathea: Glacier signing key: 007271576a09d86ef244371b0633e47abb75b89d' err -11
[ 4.936487] Request for unknown module key 'Magrathea: Glacier signing key: 007271576a09d86ef244371b0633e47abb75b89d' err -11
[ 4.949235] Request for unknown module key 'Magrathea: Glacier signing key: 007271576a09d86ef244371b0633e47abb75b89d' err -11
[ 4.949245] Request for unknown module key 'Magrathea: Glacier signing key: 007271576a09d86ef244371b0633e47abb75b89d' err -11
[ 4.949359] Request for unknown module key 'Magrathea: Glacier signing key: 007271576a09d86ef244371b0633e47abb75b89d' err -11
[ 5.274981] Request for unknown module key 'Magrathea: Glacier signing key: 007271576a09d86ef244371b0633e47abb75b89d' err -11
[ 5.278521] Request for unknown module key 'Magrathea: Glacier signing key: 007271576a09d86ef244371b0633e47abb75b89d' err -11
[ 12.106723] Request for unknown module key 'Magrathea: Glacier signing key: 007271576a09d86ef244371b0633e47abb75b89d' err -11
[ 12.276910] Request for unknown module key 'Magrathea: Glacier signing key: 007271576a09d86ef244371b0633e47abb75b89d' err -11
[ 12.378601] Request for unknown module key 'Magrathea: Glacier signing key: 007271576a09d86ef244371b0633e47abb75b89d' err -11
[ 12.576494] Request for unknown module key 'Magrathea: Glacier signing key: 007271576a09d86ef244371b0633e47abb75b89d' err -11
[ 15.376155] Request for unknown module key 'Magrathea: Glacier signing key: 007271576a09d86ef244371b0633e47abb75b89d' err -11
[ 15.376172] Request for unknown module key 'Magrathea: Glacier signing key: 007271576a09d86ef244371b0633e47abb75b89d' err -11
[ 15.380463] Request for unknown module key 'Magrathea: Glacier signing key: 007271576a09d86ef244371b0633e47abb75b89d' er...

Revision history for this message
Sander Jonkers (jonkers) wrote :

Solved by installing the kernel from http://kernel.ubuntu.com/~kernel-ppa/mainline/daily/2015-02-10-vivid/ leading to "3.19.0-999-generic #201502092105"

According to https://bugzilla.kernel.org/show_bug.cgi?id=92981 the kernel on http://kernel.ubuntu.com/~kernel-ppa/mainline/v3.19-vivid/ was built incorrectly

Revision history for this message
NoOp (glgxg) wrote :

3.19.1 clears the issue for me:

~$ uname -a
Linux g 3.19.1-031901-generic #201503080052 SMP Sun Mar 8 00:54:35 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
$ dmesg | grep Magrathea
[ 0.922583] Loaded X.509 cert 'Magrathea: Glacier signing key: f6e44eefe0b3323a7a9c2576cad3252ee3ee7cfc'

http://kernel.ubuntu.com/~kernel-ppa/mainline/v3.19.1-vivid/

Revision history for this message
danmb (danmbox) wrote :

I'm seeing this with linux-lowlatency-lts-utopic...

Revision history for this message
danmb (danmbox) wrote :

Sorry, this is on Trusty amd64, with linux-lowlatency-lts-utopic 3.16.0.31.24

Revision history for this message
Paul Crawford (psc-sat) wrote :

This is also happening with the latest supported kernel on 14.04 LTS. We are seeing various repeated messages of "Request for unknown module key 'Magrathea: Glacier signing key: 6fca287c2573d09ca32c1980c0d763777a63d4f5' err -11" on some, but not all, machines running this. I guess it relates to the instillation option(s)?

$uname -a
Linux processviirs 3.13.0-52-generic #86-Ubuntu SMP Mon May 4 04:32:59 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux

Revision history for this message
B. (b-deactivatedaccount-deactivatedaccount) wrote :

Same issue

$ lsb_release -r
Release: 14.04
$ uname -r
3.13.0-52-generic

May 10 00:40:40 kernel: [...] Request for unknown module key 'Magrathea: Glacier signing key: 1981bc916ffc00599231ec5630e666e0256fd6f1' err -11
May 10 00:40:40 kernel: [...] ipt_REJECT: module verification failed: signature and/or required key missing - tainting kernel

Revision history for this message
Christian Kujau (christiank) wrote :

Why is this bug set to "Fix released" for Trusty? This is still happening:

$ uname -rv
3.13.0-53-generic #88-Ubuntu SMP Wed May 13 18:10:29 UTC 2015

$ modprobe xfs
$ dmesg -T | tail -2
[Fri May 29 10:41:08 2015] Request for unknown module key 'Magrathea: Glacier signing key: 9aac900abd0220fb93c8be10f20d6973dab829f5' err -11
[Fri May 29 10:41:08 2015] SGI XFS with ACLs, security attributes, realtime, large block/inode numbers, no debug enabled

Revision history for this message
Hassan El Jacifi (waver) wrote :

Hi Folks,

I have the same behavior:

3.19.0-30-generic #33-Ubuntu SMP Mon Sep 21 20:58:04 UTC 2015
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 15.04
Release: 15.04
Codename: vivid

[mar. oct. 6 00:06:18 2015] Request for unknown module key 'Magrathea: Glacier signing key: 08411dd668c266d59a96c625b3012497b2351542' err -11
[mar. oct. 6 00:06:18 2015] JFS: nTxBlock = 8192, nTxLock = 65536
[mar. oct. 6 00:06:18 2015] Request for unknown module key 'Magrathea: Glacier signing key: 08411dd668c266d59a96c625b3012497b2351542' err -11
[mar. oct. 6 00:06:18 2015] Request for unknown module key 'Magrathea: Glacier signing key: 08411dd668c266d59a96c625b3012497b2351542' err -11
[mar. oct. 6 00:06:18 2015] ntfs: driver 2.1.31 [Flags: R/O MODULE].
[mar. oct. 6 00:06:18 2015] Request for unknown module key 'Magrathea: Glacier signing key: 08411dd668c266d59a96c625b3012497b2351542' err -11
[mar. oct. 6 00:06:18 2015] Request for unknown module key 'Magrathea: Glacier signing key: 08411dd668c266d59a96c625b3012497b2351542' err -11
[mar. oct. 6 00:06:18 2015] Request for unknown module key 'Magrathea: Glacier signing key: 08411dd668c266d59a96c625b3012497b2351542' err -11
[mar. oct. 6 00:06:18 2015] Request for unknown module key 'Magrathea: Glacier signing key: 08411dd668c266d59a96c625b3012497b2351542' err -11
[mar. oct. 6 00:06:18 2015] QNX4 filesystem 0.2.3 registered.
[mar. oct. 6 00:06:18 2015] Request for unknown module key 'Magrathea: Glacier signing key: 08411dd668c266d59a96c625b3012497b2351542' err -11
[mar. oct. 6 00:06:18 2015] Request for unknown module key 'Magrathea: Glacier signing key: 08411dd668c266d59a96c625b3012497b2351542' err -11
[mar. oct. 6 00:06:18 2015] raid6: sse2x1 5577 MB/s
[mar. oct. 6 00:06:18 2015] raid6: sse2x2 5407 MB/s
[mar. oct. 6 00:06:18 2015] raid6: sse2x4 6000 MB/s
[mar. oct. 6 00:06:18 2015] raid6: using algorithm sse2x4 (6000 MB/s)
[mar. oct. 6 00:06:18 2015] raid6: using ssse3x2 recovery algorithm
[mar. oct. 6 00:06:18 2015] Request for unknown module key 'Magrathea: Glacier signing key: 08411dd668c266d59a96c625b3012497b2351542' err -11
[mar. oct. 6 00:06:18 2015] xor: measuring software checksum speed
[mar. oct. 6 00:06:18 2015] prefetch64-sse: 7562.000 MB/sec
[mar. oct. 6 00:06:18 2015] generic_sse: 6699.000 MB/sec
[mar. oct. 6 00:06:18 2015] xor: using function: prefetch64-sse (7562.000 MB/sec)
[mar. oct. 6 00:06:18 2015] Request for unknown module key 'Magrathea: Glacier signing key: 08411dd668c266d59a96c625b3012497b2351542' err -11

tags: added: vivid
Revision history for this message
Marc Vanhoomissen (mvh) wrote :

In my case:

$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 14.04.3 LTS
Release: 14.04
Codename: trusty

$ uname -rv
3.13.0-65-generic #105-Ubuntu SMP Mon Sep 21 18:50:58 UTC 2015

$ dmesg | grep -i glacier
[ 1.764257] Loaded X.509 cert 'Magrathea: Glacier signing key: e1880bb8882cef95be763dfd1fabc4dc436c45ac'
[310783.576233] Request for unknown module key 'Magrathea: Glacier signing key: 27cd636c818cdb452f9bcdff71219c6cf384f51a' err -11
[310783.577199] Request for unknown module key 'Magrathea: Glacier signing key: 27cd636c818cdb452f9bcdff71219c6cf384f51a' err -11
[310783.583592] Request for unknown module key 'Magrathea: Glacier signing key: 27cd636c818cdb452f9bcdff71219c6cf384f51a' err -11
[310783.587723] Request for unknown module key 'Magrathea: Glacier signing key: 27cd636c818cdb452f9bcdff71219c6cf384f51a' err -11
[310783.589683] Request for unknown module key 'Magrathea: Glacier signing key: 27cd636c818cdb452f9bcdff71219c6cf384f51a' err -11
[310783.591042] Request for unknown module key 'Magrathea: Glacier signing key: 27cd636c818cdb452f9bcdff71219c6cf384f51a' err -11
[310783.592743] Request for unknown module key 'Magrathea: Glacier signing key: 27cd636c818cdb452f9bcdff71219c6cf384f51a' err -11
[310783.594090] Request for unknown module key 'Magrathea: Glacier signing key: 27cd636c818cdb452f9bcdff71219c6cf384f51a' err -11
[310783.595807] Request for unknown module key 'Magrathea: Glacier signing key: 27cd636c818cdb452f9bcdff71219c6cf384f51a' err -11
[310783.596889] Request for unknown module key 'Magrathea: Glacier signing key: 27cd636c818cdb452f9bcdff71219c6cf384f51a' err -11
[310783.598472] Request for unknown module key 'Magrathea: Glacier signing key: 27cd636c818cdb452f9bcdff71219c6cf384f51a' err -11
[310783.676467] Request for unknown module key 'Magrathea: Glacier signing key: 27cd636c818cdb452f9bcdff71219c6cf384f51a' err -11
[310783.881365] Request for unknown module key 'Magrathea: Glacier signing key: 27cd636c818cdb452f9bcdff71219c6cf384f51a' err -11

Revision history for this message
lithorus (lithorus) wrote :

Just had the same error in Ubuntu 14.04, but noticed that it only occured AFTER I had updated from kernel 3.19.0-30-generic #33 to 3.19.0-30-generic #34 and especially after loading any new module.

Kernel 3.19.0-30-generic #33 and 3.19.0-30-generic #34 has the same path so it makes sense that it's an incompability between loading 3.19.0-30-generic #34 modules into the already running 3.19.0-30-generic #33 kernel.

A simple reboot and no errors.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.