All autopkgtests for the newly accepted linux-bluefield (5.0.0-1010.20) for bionic have finished running. The following regressions have been reported in tests triggered by the package:
fsprotect/unknown (armhf) Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1]. https://people.canonical.com/~ubuntu-archive/proposed- migration/bionic/update_excuses.html#linux-bluefield [1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions Thank you! -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-oem in Ubuntu. https://bugs.launchpad.net/bugs/1861238 Title: Root can lift kernel lockdown via USB/IP Status in linux package in Ubuntu: In Progress Status in linux-oem package in Ubuntu: New Status in linux source package in Xenial: Invalid Status in linux source package in Bionic: Fix Committed Status in linux-oem source package in Bionic: Fix Committed Status in linux source package in Disco: Fix Committed Status in linux source package in Eoan: Fix Committed Status in linux source package in Focal: In Progress Bug description: [Impact] It's possible to turn off kernel lockdown by emulating a USB keyboard via USB/IP and sending an Alt+SysRq+X key combination through it. Ubuntu's kernels have USB/IP enabled (CONFIG_USBIP_VHCI_HCD=m and CONFIG_USBIP_CORE=m) with signed usbip_core and vhci_hcd modules provided in the linux-extra-modules-* package. See the PoC here: https://github.com/xairy/unlockdown#method-1-usbip [Test Case] $ git clone https://github.com/xairy/unlockdown.git $ cd unlockdown/01-usbip/ $ sudo ./run.sh $ dmesg # Ensure there are no log entries talking about lifting lockdown: sysrq: SysRq : Disabling Secure Boot restrictions Lifting lockdown # You should see a SysRq help log entry because the Alt+SysRq+X # combination should be disabled sysrq: SysRq : HELP : loglevel(0-9) reboot(b) crash(c) terminate-all-tasks(e) memory-full-oom-kill(f) kill-all-tasks(i) thaw-filesystems(j) sak(k) show-backtrace-all-active-cpus(l) show-memory-usage(m) nice-all-RT-tasks(n) poweroff(o) show-registers(p) show-all-timers(q) unraw(r) sync(s) show-task-states(t) unmount(u) force-fb(V) show-blocked-tasks(w) dump-ftrace-buffer(z) [Regression Potential] Some users may see a usability regression due to the Lockdown lift sysrq combination being removed. Some users are known to disable lockdown, using the sysrq combination, in order to perform some "dangerous" operation such as writing to an MSR. It is believed that this is a small number of users but it is impossible to know for sure. Users that rely on this functionality may need to permanently disable secure boot using 'mokutil --disable-validation'. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1861238/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
