On Mon, May 12, 2025 at 10:34:51PM +0200, Salvatore Bonaccorso wrote: > Control: severity -1 serious > > Hi Robert, > > On Mon, May 12, 2025 at 04:38:19PM +0100, Robert Shearman wrote: > > Package: src:linux > > Version: 6.1.137-1 > > Severity: important > > X-Debbugs-Cc: r...@graphiant.com > > > > rob@graph-dev-bookworm:~$ sudo modprobe watchdog > > modprobe: ERROR: could not insert 'watchdog': Bad message > > > > Using extract-module-sig.pl from > > https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/plain/scripts/extract-module-sig.pl > > shows there is no signature present for the watchdog kernel object > > file: > > > > $ ~/Downloads/extract-module-sig.pl -s > > /lib/modules/6.1.0-35-amd64/kernel/drivers/watchdog/watchdog.ko > > Read 91616 bytes from module file > > Found magic number at 91616 > > Found PKCS#7/CMS encapsulation > > > > Compared to 6.1.0-34-amd64 version: > > > > $ ~/Downloads/extract-module-sig.pl -s > > /lib/modules/6.1.0-34-amd64/kernel/drivers/watchdog/watchdog.ko > > Read 92027 bytes from module file > > Found magic number at 92027 > > Found PKCS#7/CMS encapsulation > > Found 411 bytes of signature [3082019706092a864886f70d010702a0] > > ... > > So indeed there was likely a temporary problem when doing the signing > of the modules for linux-signed-amd64. There is the watchdog module > and w83977f_wdt one which have zero size signature: > > ./linux-signed-amd64-6.1.137+1/debian/signatures/linux-image-6.1.0-35-amd64-unsigned/lib/modules/6.1.0-35-amd64/kernel/drivers/watchdog/watchdog.ko.sig > ./linux-signed-amd64-6.1.137+1/debian/signatures/linux-image-6.1.0-35-amd64-unsigned/lib/modules/6.1.0-35-amd64/kernel/drivers/watchdog/w83977f_wdt.ko.sig > > I checked as well linux-signed-i386 and linux-signed-arm64 but there I > found none with a problem. > > Ansgar, assuming at this point we cannot do something anymore for the > point release. > > Cyril, Adam, so skip the kernel update for the upcoming point release?
The alternative would be given that the "only" two modules affected are watchdog and w83977f_wdt to proceed as planned with the point release (testing, Cyril?) and make a nearby src:linux DSA release including further security fixes. 6.14.7, 6.12.29 and 6.1.139 are currently beeing reviewed upstream in particular including the ITS variant of the "Training Solo" issue (side note, to be effective the fixes will need as well a intel-microcode update, cf. #1105172). Regards, Salvatore
