Bug 196871 - (signedmodules) signed modules patches prevent booting.
signed modules patches prevent booting.
Product: Fedora
Classification: Fedora
Component: kernel (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: David Howells
Brian Brock
: 196905 197014 197071 (view as bug list)
Depends On:
Blocks: 202464
  Show dependency treegraph
Reported: 2006-06-27 09:48 EDT by Ronald Warsow
Modified: 2007-11-30 17:11 EST (History)
7 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2006-08-08 14:34:06 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
digicam picture kernel panic (940.28 KB, image/jpeg)
2006-06-27 09:48 EDT, Ronald Warsow
no flags Details
output from kernel 2.6.17-1.2328.fc6 (1.04 MB, image/jpeg)
2006-06-29 09:15 EDT, Ronald Warsow
no flags Details

  None (edit)
Description Ronald Warsow 2006-06-27 09:48:50 EDT
Description of problem:
kernel 2.6.17-1.2318_FC6 (i386) panics (see didicam picture)

Version-Release number of selected component (if applicable):

How reproducible:
install kernel 2.6.17-1.2318_FC6

Steps to Reproduce:
1. reboot
Actual results:

Expected results:

Additional info:
no diffs in initrd's (2.6.17-1.2307, 2.6.17-1.2318)
machine amd k8, chipset via K8T800Pro
could i debug this / provide more info ?
Comment 1 Ronald Warsow 2006-06-27 09:48:51 EDT
Created attachment 131599 [details]
digicam picture kernel panic
Comment 2 Michal Jaegermann 2006-06-27 14:22:32 EDT
On x86_64 machine I am seeing this with 2.6.17-1.2318_FC6:

switchroot: mount failed: No such file or directory
Kernel panic - not syncing: Attempted to kill init!

Call Trace: <ffffffff8026e86e>{dump_stack+18}

and a power switch is the only way out.
Comment 3 Dave Jones 2006-06-27 20:20:57 EDT
The signed modules code is broken.
For some reason the modules end up signed with a different key than the one we
use at build time.
Comment 4 Dave Jones 2006-06-27 20:25:26 EDT
*** Bug 196905 has been marked as a duplicate of this bug. ***
Comment 5 Dave Jones 2006-06-27 22:18:22 EDT
*** Bug 197014 has been marked as a duplicate of this bug. ***
Comment 6 Dave Jones 2006-06-27 22:20:22 EDT
further datapoint: The FC6 kernel recompiled on FC5 also exhibits this problem,
ruling out any toolchain/gpg issues.

For now I'm disabling the signed modules patch in tomorrows rawhide.
Leave this bug open, as the patch needs fixing at some point.
Comment 7 Ronald Warsow 2006-06-29 09:15:32 EDT
Created attachment 131747 [details]
output from kernel 2.6.17-1.2328.fc6
Comment 8 Ronald Warsow 2006-06-29 09:25:02 EDT
it means ... from kernel (not enough sleep last night)

last line i could see was
starting udev....
(see digicam picture)

- 2328.fc6
      ^^^ (tricky ?)

"- Disable the signed module patches for now, they need love."
 i can't love it ....

Comment 9 Tom Horsley 2006-06-29 09:39:26 EDT
Just for curiosity, what are the implications (orther than a new way to
screw up releases :-) of signed modules?

If I build my own kernel modules, will I be unable to load them?

If I can build a module that will load anyway, wht is the point of signed
modules, since a hacker to do the same thing (I presume the idea is
to prevent hackers from installing bogus modules)?
Comment 10 Ronald Warsow 2006-06-30 12:40:27 EDT
2.6.17-1.2336.fc6 boot & works !
Comment 11 Dave Jones 2006-07-11 01:40:08 EDT
*** Bug 197071 has been marked as a duplicate of this bug. ***
Comment 12 David Howells 2006-08-04 10:59:15 EDT
This appears to be due to the dia_update() crypto op changing its prototype, 
so that the calculation buffer appears displaced from where it ought to be in 
Comment 13 Ronald Warsow 2006-08-04 11:29:05 EDT
should this bug not be closed ?
for me it is gone since 2.6.17-1.2336.fc6 and we are now at 2.6.17-1.2510.fc6.
sorry - i am not a kernel developer -, but maybe you spent a lot of time on
"old" stuff...
my "pains" are now at Bugzilla Bug 200638.
Comment 14 David Howells 2006-08-04 15:38:26 EDT
> should this bug not be closed ?

No, not yet.  The fix is not yet applied - module signing is currently 
Comment 15 Dave Jones 2006-08-08 14:34:06 EDT
Should be fixed in todays rawhide.

Note You need to log in before you can comment on or make changes to this bug.