[Bug 1129471] New: kernel 5.0.1-1-default: Problem loading X.509 certificate -65
http://bugzilla.opensuse.org/show_bug.cgi?id=1129471 Bug ID: 1129471 Summary: kernel 5.0.1-1-default: Problem loading X.509 certificate -65 Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Kernel Assignee: kernel-maintainers@forge.provo.novell.com Reporter: hendrikw@arcor.de QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- Sins Tumbleweed 20190314, with kernel 5.0.1-1-default (x86_64) I get the following message during boot: integrity: Problem loading X.509 certificate -65 Log snippet: [ 2.985576] sched_clock: Marking stable (2989021511, -3468039)->(2994215803, -8662331) [ 2.986009] registered taskstats version 1 [ 2.986012] Loading compiled-in X.509 certificates [ 2.986062] Loaded X.509 cert 'openSUSE Secure Boot Signkey: 0332fa9cbf0d88bf21924b0de82a09a54d5defc8' [ 2.986093] zswap: loaded using pool lzo/zbud [ 2.998908] Key type big_key registered [ 3.005600] Key type encrypted registered [ 3.005606] AppArmor: AppArmor sha1 policy hashing enabled [ 3.008353] integrity: Loading X.509 certificate: UEFI:db [ 3.008414] integrity: Loaded X.509 cert 'Microsoft Windows Production PCA 2011: a92902398e16c49778cd90f99e4f9ae17c55af53' [ 3.008415] integrity: Loading X.509 certificate: UEFI:db [ 3.008452] integrity: Loaded X.509 cert 'Microsoft Corporation UEFI CA 2011: 13adbf4309bd82709c8cd54f316ed522988a1bd4' [ 3.008453] integrity: Loading X.509 certificate: UEFI:db [ 3.008476] integrity: Loaded X.509 cert 'Acer Database: 84f00f5841571abd2cc11a8c26d5c9c8d2b6b0b5' [ 3.008477] integrity: Loading X.509 certificate: UEFI:db [ 3.008482] integrity: Problem loading X.509 certificate -65 [ 3.008494] fbcon: Taking over console [ 3.008496] Error adding keys to platform keyring UEFI:db [ 3.008497] integrity: Loading X.509 certificate: UEFI:db [ 3.008501] integrity: Problem loading X.509 certificate -65 [ 3.008505] Error adding keys to platform keyring UEFI:db [ 3.008596] Console: switching to colour frame buffer device 240x67 [ 3.009680] integrity: Loading X.509 certificate: UEFI:MokListRT [ 3.009739] integrity: Loaded X.509 cert 'openSUSE Secure Boot Signkey: 0332fa9cbf0d88bf21924b0de82a09a54d5defc8' [ 3.009740] integrity: Loading X.509 certificate: UEFI:MokListRT [ 3.012608] integrity: Loaded X.509 cert 'openSUSE Secure Boot CA: 6842600de22c4c477e95be23dfea9513e5971762' [ 3.014923] ima: Allocated hash algorithm: sha256 [ 3.052885] evm: Initialising EVM extended attributes: hardware: Laptop Acer Aspire A517-51-5832, one year old -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1129471 http://bugzilla.opensuse.org/show_bug.cgi?id=1129471#c3 --- Comment #3 from Hendrik Woltersdorf <hendrikw@arcor.de> --- Just to make sure, it is actually a kernel issue, I booted kernel 4.20.13-1-default. With this kernel I see no errors. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1129471 http://bugzilla.opensuse.org/show_bug.cgi?id=1129471#c4 Karl Mistelberger <karl.mistelberger@nefkom.net> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |karl.mistelberger@nefkom.ne | |t --- Comment #4 from Karl Mistelberger <karl.mistelberger@nefkom.net> --- The following occurs with secure boot off: Mar 19 18:20:32 erlangen kernel: integrity: Loading X.509 certificate: UEFI:db Mar 19 18:20:32 erlangen kernel: integrity: Loaded X.509 cert 'Microsoft Corporation UEFI CA 2011: 13adbf4309bd82709c8cd54f316ed522988a1bd4' Mar 19 18:20:32 erlangen kernel: integrity: Loading X.509 certificate: UEFI:db Mar 19 18:20:32 erlangen kernel: integrity: Loaded X.509 cert 'Microsoft Windows Production PCA 2011: a92902398e16c49778cd90f99e4f9ae17c55af53' Mar 19 18:20:32 erlangen kernel: Couldn't get size: 0x800000000000000e Mar 19 18:20:32 erlangen kernel: fbcon: Taking over console Mar 19 18:20:32 erlangen kernel: Couldn't get UEFI MokListRT -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1129471 Neil Rickert <nwr10cst-oslnx@yahoo.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |nwr10cst-oslnx@yahoo.com -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1129471 Joey Lee <jlee@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|kernel-maintainers@forge.pr |jlee@suse.com |ovo.novell.com | -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1129471 http://bugzilla.opensuse.org/show_bug.cgi?id=1129471#c5 Andrei Borzenkov <arvidjaar@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |arvidjaar@gmail.com --- Comment #5 from Andrei Borzenkov <arvidjaar@gmail.com> --- (In reply to Hendrik Woltersdorf from comment #2)
Yes, I think, it is a regression.
Kernel 5.0 is the first upstream kernel to import UEFI certificates for module integrity check, so it is hardly can be called a regression unless SUSE included those patches before. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1129471 http://bugzilla.opensuse.org/show_bug.cgi?id=1129471#c6 --- Comment #6 from Karl Mistelberger <karl.mistelberger@nefkom.net> --- See also discussion at openSUSE: https://forums.opensuse.org/showthread.php/535324-MODSIGN-Couldn-t-get-UEFI-... -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1129471 http://bugzilla.opensuse.org/show_bug.cgi?id=1129471#c7 --- Comment #7 from Joey Lee <jlee@suse.com> --- (In reply to Hendrik Woltersdorf from comment #0)
Sins Tumbleweed 20190314, with kernel 5.0.1-1-default (x86_64) I get the following message during boot: integrity: Problem loading X.509 certificate -65
Log snippet: [ 2.985576] sched_clock: Marking stable (2989021511, -3468039)->(2994215803, -8662331) [ 2.986009] registered taskstats version 1 [ 2.986012] Loading compiled-in X.509 certificates [ 2.986062] Loaded X.509 cert 'openSUSE Secure Boot Signkey: 0332fa9cbf0d88bf21924b0de82a09a54d5defc8' [ 2.986093] zswap: loaded using pool lzo/zbud [ 2.998908] Key type big_key registered [ 3.005600] Key type encrypted registered [ 3.005606] AppArmor: AppArmor sha1 policy hashing enabled [ 3.008353] integrity: Loading X.509 certificate: UEFI:db [ 3.008414] integrity: Loaded X.509 cert 'Microsoft Windows Production PCA 2011: a92902398e16c49778cd90f99e4f9ae17c55af53' [ 3.008415] integrity: Loading X.509 certificate: UEFI:db [ 3.008452] integrity: Loaded X.509 cert 'Microsoft Corporation UEFI CA 2011: 13adbf4309bd82709c8cd54f316ed522988a1bd4' [ 3.008453] integrity: Loading X.509 certificate: UEFI:db [ 3.008476] integrity: Loaded X.509 cert 'Acer Database: 84f00f5841571abd2cc11a8c26d5c9c8d2b6b0b5' [ 3.008477] integrity: Loading X.509 certificate: UEFI:db [ 3.008482] integrity: Problem loading X.509 certificate -65 [ 3.008494] fbcon: Taking over console [ 3.008496] Error adding keys to platform keyring UEFI:db [ 3.008497] integrity: Loading X.509 certificate: UEFI:db [ 3.008501] integrity: Problem loading X.509 certificate -65 [ 3.008505] Error adding keys to platform keyring UEFI:db [ 3.008596] Console: switching to colour frame buffer device 240x67 [ 3.009680] integrity: Loading X.509 certificate: UEFI:MokListRT [ 3.009739] integrity: Loaded X.509 cert 'openSUSE Secure Boot Signkey: 0332fa9cbf0d88bf21924b0de82a09a54d5defc8' [ 3.009740] integrity: Loading X.509 certificate: UEFI:MokListRT [ 3.012608] integrity: Loaded X.509 cert 'openSUSE Secure Boot CA: 6842600de22c4c477e95be23dfea9513e5971762' [ 3.014923] ima: Allocated hash algorithm: sha256 [ 3.052885] evm: Initialising EVM extended attributes:
hardware: Laptop Acer Aspire A517-51-5832, one year old
Base on this log, there have two unkown certificates can not be parsed. Other certificates are parsed success. MS Windows, Acer (in db), and openSUSE (in MOK) are no problem. Please help to attach the result of "mokutil --db". Thanks -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1129471 Joey Lee <jlee@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |hendrikw@arcor.de Flags| |needinfo?(hendrikw@arcor.de | |) -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1129471 http://bugzilla.opensuse.org/show_bug.cgi?id=1129471#c8 --- Comment #8 from Joey Lee <jlee@suse.com> --- (In reply to Andrei Borzenkov from comment #5)
(In reply to Hendrik Woltersdorf from comment #2)
Yes, I think, it is a regression.
Kernel 5.0 is the first upstream kernel to import UEFI certificates for module integrity check, so it is hardly can be called a regression unless SUSE included those patches before.
It's a good news for mainline kernel really supports MOK now. Finally... -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1129471 http://bugzilla.opensuse.org/show_bug.cgi?id=1129471#c9 --- Comment #9 from Joey Lee <jlee@suse.com> --- (In reply to Karl Mistelberger from comment #4)
The following occurs with secure boot off:
Mar 19 18:20:32 erlangen kernel: integrity: Loading X.509 certificate: UEFI:db Mar 19 18:20:32 erlangen kernel: integrity: Loaded X.509 cert 'Microsoft Corporation UEFI CA 2011: 13adbf4309bd82709c8cd54f316ed522988a1bd4' Mar 19 18:20:32 erlangen kernel: integrity: Loading X.509 certificate: UEFI:db Mar 19 18:20:32 erlangen kernel: integrity: Loaded X.509 cert 'Microsoft Windows Production PCA 2011: a92902398e16c49778cd90f99e4f9ae17c55af53' Mar 19 18:20:32 erlangen kernel: Couldn't get size: 0x800000000000000e Mar 19 18:20:32 erlangen kernel: fbcon: Taking over console Mar 19 18:20:32 erlangen kernel: Couldn't get UEFI MokListRT
The 0x800000000000000e is EFI_NOT_FOUND. It's harmless. I will send my efi_status_to_str() patch to mainline to improve EFI log. The 0x800000000000000e is not about this issue. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1129471 http://bugzilla.opensuse.org/show_bug.cgi?id=1129471#c10 --- Comment #10 from Joey Lee <jlee@suse.com> --- (In reply to Joey Lee from comment #7)
(In reply to Hendrik Woltersdorf from comment #0)
Sins Tumbleweed 20190314, with kernel 5.0.1-1-default (x86_64) I get the following message during boot: integrity: Problem loading X.509 certificate -65
[...snip]
[ 3.008477] integrity: Loading X.509 certificate: UEFI:db [ 3.008482] integrity: Problem loading X.509 certificate -65 [ 3.008494] fbcon: Taking over console [ 3.008496] Error adding keys to platform keyring UEFI:db [ 3.008497] integrity: Loading X.509 certificate: UEFI:db [ 3.008501] integrity: Problem loading X.509 certificate -65 [...snip]
hardware: Laptop Acer Aspire A517-51-5832, one year old
Base on this log, there have two unkown certificates can not be parsed. Other certificates are parsed success. MS Windows, Acer (in db), and openSUSE (in MOK) are no problem.
Please help to attach the result of "mokutil --db".
Please also help to attach db on bugzilla: /sys/firmware/efi/efivars/db-d719b2cb-3d3a-4596-a3bc-dad00e67656f Please copy the above db-* file and attach here. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1129471 http://bugzilla.opensuse.org/show_bug.cgi?id=1129471#c11 --- Comment #11 from Hendrik Woltersdorf <hendrikw@arcor.de> --- Created attachment 800740 --> http://bugzilla.opensuse.org/attachment.cgi?id=800740&action=edit output of mokutil --db -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1129471 http://bugzilla.opensuse.org/show_bug.cgi?id=1129471#c12 Hendrik Woltersdorf <hendrikw@arcor.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Flags|needinfo?(hendrikw@arcor.de | |) | --- Comment #12 from Hendrik Woltersdorf <hendrikw@arcor.de> --- Created attachment 800741 --> http://bugzilla.opensuse.org/attachment.cgi?id=800741&action=edit /sys/firmware/efi/efivars/db-d719b2cb-3d3a-4596-a3bc-dad00e67656f I attached the two files. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1129471 http://bugzilla.opensuse.org/show_bug.cgi?id=1129471#c13 --- Comment #13 from Joey Lee <jlee@suse.com> --- (In reply to Hendrik Woltersdorf from comment #11)
Created attachment 800740 [details] output of mokutil --db
There have two self sign certificates in db: CN=DisablePW and CN=ABO Base on dmesg log, I think that two certificates can not be parsed. I am extracting those two certificates from db for reproducing issue. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1129471 http://bugzilla.opensuse.org/show_bug.cgi?id=1129471#c14 Joey Lee <jlee@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution|--- |WONTFIX --- Comment #14 from Joey Lee <jlee@suse.com> --- The DisablePW and ABO used a obsolete OID for Authority Key Identifier. It's already obsoleted before 1997: X509v3 extensions: 2.5.29.1: 0<..P...)....d..c.X...0.1.0...U....DisablePW......B...Ib&..7.. More information here: http://www.oid-info.com/get/2.5.29.1 Now the OID of Authority Key Identifier is 2.5.29.35 which is supported by kernel now. I will looking at that if we want print a warning message in kernel when I have time. Set this issue to WONTFIX. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1129471 http://bugzilla.opensuse.org/show_bug.cgi?id=1129471#c15 Joey Lee <jlee@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Resolution|WONTFIX |--- --- Comment #15 from Joey Lee <jlee@suse.com> --- (In reply to Joey Lee from comment #14)
The DisablePW and ABO used a obsolete OID for Authority Key Identifier. It's already obsoleted before 1997:
X509v3 extensions: 2.5.29.1:
0<..P...)....d..c.X...0.1.0...U....DisablePW......B...Ib&..7..
More information here: http://www.oid-info.com/get/2.5.29.1
Now the OID of Authority Key Identifier is 2.5.29.35 which is supported by kernel now.
I will looking at that if we want print a warning message in kernel when I have time.
Set this issue to WONTFIX.
I have re-opened this issue because I didn't see "Extension:" log in dmesg after I enabled dynamic debugging log of x509_cert_parser. Using obsolete OID is bad. But it's may not the root cause of -65. In case that I missed any other problem. I re-opened this issue and tracing more detail. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1129471 http://bugzilla.opensuse.org/show_bug.cgi?id=1129471#c16 Joey Lee <jlee@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|REOPENED |RESOLVED Resolution|--- |WONTFIX --- Comment #16 from Joey Lee <jlee@suse.com> --- OK! Found another obsolete OID sha1WithRSASignature in DisablePW and ABO certificates. There have a kernel patch that's sent in 2017 but it didn't receive any comment from community: https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1486333.html The obsolete be only found on Acer machine. And, I didn't see any good reason for support those obsolete OID currently. So, I still set this bug to WONTFIX unless anyone gives good reason for why we need DisablePW and ABO certificates on Linux. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1129471 http://bugzilla.opensuse.org/show_bug.cgi?id=1129471#c17 --- Comment #17 from Joey Lee <jlee@suse.com> --- I have sent patches to mainline, waiting response: https://lkml.org/lkml/2019/3/22/60 https://lkml.org/lkml/2019/3/22/277 https://lkml.org/lkml/2019/3/22/278 -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1129471 http://bugzilla.opensuse.org/show_bug.cgi?id=1129471#c18 c zg <czgf2v@163.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |czgf2v@163.com Hardware|Other |x86-64 OS|Other |Ubuntu --- Comment #18 from c zg <czgf2v@163.com> --- Could I ask same questions about this same problem on ubuntu 22 after upgrading from 20. I followed the instructions in this issue. I run ---------------------------- czg:~$ journalctl -b | grep "Loading X.509 certificate" -A 3 Mar 19 10:51:48 czg-Lenovo-Legion-R7000-2020 kernel: integrity: Loading X.509 certificate: UEFI:db Mar 19 10:51:48 czg-Lenovo-Legion-R7000-2020 kernel: integrity: Loaded X.509 cert 'Microsoft Windows Production PCA 2011: a92902398e16c49778cd90f99e4f9ae17c55af53' Mar 19 10:51:48 czg-Lenovo-Legion-R7000-2020 kernel: integrity: Loading X.509 certificate: UEFI:db Mar 19 10:51:48 czg-Lenovo-Legion-R7000-2020 kernel: integrity: Loaded X.509 cert 'Microsoft Corporation UEFI CA 2011: 13adbf4309bd82709c8cd54f316ed522988a1bd4' Mar 19 10:51:48 czg-Lenovo-Legion-R7000-2020 kernel: integrity: Loading X.509 certificate: UEFI:db Mar 19 10:51:48 czg-Lenovo-Legion-R7000-2020 kernel: integrity: Loaded X.509 cert 'OK Certificate: c8c73a37546046ab495c33f4d0856052' Mar 19 10:51:48 czg-Lenovo-Legion-R7000-2020 kernel: integrity: Loading X.509 certificate: UEFI:db Mar 19 10:51:48 czg-Lenovo-Legion-R7000-2020 kernel: integrity: Problem loading X.509 certificate -65 Mar 19 10:51:48 czg-Lenovo-Legion-R7000-2020 kernel: fbcon: Taking over console Mar 19 10:51:48 czg-Lenovo-Legion-R7000-2020 kernel: integrity: Error adding keys to platform keyring UEFI:db Mar 19 10:51:48 czg-Lenovo-Legion-R7000-2020 kernel: integrity: Loading X.509 certificate: UEFI:db Mar 19 10:51:48 czg-Lenovo-Legion-R7000-2020 kernel: integrity: Loaded X.509 cert 'EUJinn: 2d9ec14a26c9fcae420ef406a6e9492b' Mar 19 10:51:48 czg-Lenovo-Legion-R7000-2020 kernel: Console: switching to colour frame buffer device 240x67 Mar 19 10:51:48 czg-Lenovo-Legion-R7000-2020 kernel: integrity: Revoking X.509 certificate: UEFI:dbx -------------------------- here maybe only one key loaded fails(which is the one with 'Subject: CN=Joe's-Software-Emporium'. According to this link https://kompy.info/digital-signatures-for-kernel-modules-on-systems-running-... ���it is an certificate not specified a name, which is weird). in my 'mokutil --db' output the first two keys ���SHA1 Fingerprint��� same with the above attachment, the left three all use ���2.5.29.1��� OID here is the left three keys ------------------------------ [key 3] SHA1 Fingerprint: 20:04:e2:27:fe:e0:11:29:af:c7:d2:5b:f3:16:38:c9:b4:60:5f:e7 Certificate: Data: Version: 3 (0x2) Serial Number: (Negative)37:38:c5:c8:ab:9f:b9:54:b6:a3:cc:0b:2f:7a:9f:ae Signature Algorithm: sha256WithRSAEncryption Issuer: CN=OK Certificate Validity Not Before: Dec 31 16:00:00 2012 GMT Not After : Dec 31 23:59:59 2039 GMT Subject: CN=OK Certificate Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:bf:f4:67:ea:e3:01:e7:c3:44:ef:5e:ff:59:99: 4b:60:df:92:2b:51:87:a4:4a:bb:50:53:c2:7d:17: 67:0a:02:e6:c2:75:77:2c:23:b7:f2:a5:23:0a:40: 53:0a:d5:61:30:24:3f:d2:23:40:af:ff:79:a7:1b: 7e:1a:cd:96:2c:04:8f:87:da:4e:d6:09:71:b0:2d: 89:4f:28:a5:81:79:9b:f5:32:d9:23:2f:ec:7f:ab: 8e:d9:04:a0:23:44:98:b7:b5:a2:91:7f:d3:64:6d: ef:3d:7b:99:38:2b:81:ea:32:83:55:84:9c:2c:7b: 5e:af:3c:56:d6:b2:25:d6:5b:f0:82:62:05:e2:53: 3d:2d:d5:a2:db:44:a6:e1:8a:9a:19:f2:01:64:21: dd:26:66:7e:04:32:d1:09:b9:3b:8c:bb:49:ec:fb: 84:7c:fe:39:65:fb:f6:b7:9c:20:06:fb:d4:e7:2d: b5:0f:34:19:ce:19:8a:de:71:f4:6c:16:18:b9:b2: 6b:5f:8f:77:85:20:79:09:90:92:3a:50:3a:f5:1d: 63:02:1d:4b:57:54:89:8c:1a:a8:0a:21:b2:91:ca: 41:f1:19:aa:dd:47:f6:9e:e4:fd:84:a7:33:01:d2: e8:0a:2a:aa:64:4d:a4:b1:89:3a:de:53:94:18:5e: c8:db Exponent: 65537 (0x10001) X509v3 extensions: 2.5.29.1: 0A...x..ZG...d...@9...0.1.0...U....OK Certificate....:7T`F.I\3...`R Signature Algorithm: sha256WithRSAEncryption Signature Value: 87:37:8a:67:2e:2e:ec:f2:5d:ca:8e:c9:94:62:21:c1:99:96: 32:78:0f:37:e2:5f:41:9d:71:17:30:ac:48:1c:d9:e8:5a:fe: b6:e3:cb:99:a5:dd:d9:6d:46:6f:9e:1d:f9:11:d3:ef:05:07: d0:85:90:b1:07:38:ff:7e:64:4c:1d:74:a8:eb:a0:3e:44:35: 95:3d:8c:03:65:f2:89:59:c0:94:24:7a:f9:03:5a:8b:d5:af: 43:33:80:d4:0d:8d:f4:e7:7a:c8:60:7b:cc:fb:ec:79:3a:c4: 53:42:d1:1c:d6:55:28:c6:eb:11:7d:e0:99:63:15:f4:4b:d0: 15:aa:40:f4:35:46:be:bf:62:4c:a5:3d:fe:36:dc:7f:fd:01: 58:92:97:90:39:4e:16:7c:65:4c:ad:a7:a2:2f:63:88:f4:22: a6:9b:7f:e8:dd:3b:28:cc:9c:12:f2:99:e4:16:e7:9c:a6:12: 18:20:af:04:ec:9c:a7:3e:de:5a:b2:b3:c9:7d:e4:99:05:00: b4:c9:67:4a:bc:0f:2a:79:15:01:8a:6a:ca:74:f5:fc:ae:e2: 36:be:5e:59:f0:84:20:10:5f:5d:ee:46:27:98:79:57:85:2e: a7:a7:95:da:e6:24:7d:13:42:bf:fb:74:d0:ea:6c:aa:45:c3: 3b:ca:f9:78 [key 4] SHA1 Fingerprint: c3:5e:b2:db:6d:29:e3:ea:04:86:a2:bf:f1:8e:27:78:e6:72:b0:c7 Certificate: Data: Version: 3 (0x2) Serial Number: 54:01:7d:cb:80:17:e7:b0:4c:79:3b:4e:fc:5e:13:67 Signature Algorithm: sha1WithRSA Issuer: CN=Root Agency Validity Not Before: Jul 21 02:07:33 2016 GMT Not After : Dec 31 23:59:59 2039 GMT Subject: CN=Joe's-Software-Emporium Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:e7:36:da:6a:86:75:07:de:03:f9:a1:f9:26:51: 56:2c:40:6d:1b:ed:24:c5:fb:63:10:4a:9a:a7:d1: a5:df:43:f5:00:39:92:34:c4:06:ac:46:36:4b:8a: 07:af:c2:03:80:70:62:06:58:08:83:da:4e:ed:9d: 60:51:91:3f:74:42:29:f8:d9:20:af:b7:e7:e4:b4: d2:1f:b2:42:e6:25:f8:77:a6:bf:09:2a:94:22:52: 6f:5e:6a:aa:8a:f9:cb:01:2f:79:9a:91:20:0a:9c: 47:89:df:24:e9:a0:46:ef:b5:2c:c9:8d:99:c8:e3: 5e:63:a7:bc:13:0f:59:9a:64:5d:00:12:20:18:27: 55:cf:02:5c:73:1c:82:21:7f:f1:08:89:c0:3d:ac: da:3e:d3:89:6b:f6:7d:ff:3c:6d:cc:ac:99:e9:7d: ab:3a:32:f6:38:39:3d:e4:2e:c3:69:21:f6:35:9a: 5f:f1:24:32:b7:31:c3:fc:e2:4a:4d:fb:e9:42:fb: e3:2e:3f:8d:f2:f2:54:14:10:b0:88:b1:27:ba:12: c5:ae:3b:f4:da:5c:c1:9b:1b:09:64:73:53:af:1d: 32:92:09:39:6a:de:de:ea:97:6c:fc:ca:81:84:1f: b3:97:b3:e6:09:97:ff:8c:e4:16:22:d5:00:9b:bd: 9a:55 Exponent: 65537 (0x10001) X509v3 extensions: 2.5.29.1: 0>.....-...O..a!..dc..0.1.0...U....Root Agency...7l...d......\5. Signature Algorithm: sha1WithRSA Signature Value: 62:97:da:8b:8f:75:0e:40:05:08:a5:e3:62:db:bc:09:35:7e: 4c:62:1c:75:9f:2d:44:38:01:7d:4d:a1:03:2c:29:1b:9e:3c: 17:93:e9:72:69:c1:7b:a0:87:6b:d4:f5:da:17:0f:0c:d0:0a: 37:bc:55:93:f2:0e:16:1a:51:72 [key 5] SHA1 Fingerprint: c6:28:29:2a:62:fd:4a:f7:2a:63:be:bf:65:dc:59:10:45:c6:fa:ea Certificate: Data: Version: 3 (0x2) Serial Number: 2d:9e:c1:4a:26:c9:fc:ae:42:0e:f4:06:a6:e9:49:2b Signature Algorithm: sha256WithRSAEncryption Issuer: CN=Trust - Lenovo Certificate Validity Not Before: Oct 29 09:41:52 2019 GMT Not After : Dec 31 23:59:59 2039 GMT Subject: CN=EUJinn Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:e0:62:0c:15:21:8a:16:36:4b:a9:93:9d:a4:ea: 97:9d:21:c3:2d:cd:ab:6b:a6:68:40:2c:05:a3:74: 91:a4:fb:01:61:95:96:0c:5e:ca:97:95:49:90:f6: f4:96:6b:02:c2:b4:fe:3b:17:f0:af:7f:28:5e:41: cd:b2:71:8d:86:4d:76:ed:70:52:c5:63:eb:ea:5d: b4:88:82:70:ba:53:1a:76:93:75:fa:63:58:98:52: c4:8b:65:10:74:21:40:b4:fb:f3:c1:14:6d:c7:40: 30:a3:5d:43:9b:50:fb:3b:cc:c6:8e:9d:05:7d:b5: 20:7a:c8:8d:93:93:88:ce:8e:01:94:68:6f:d2:a0: 16:70:ae:c6:99:25:a6:da:09:63:98:37:7c:29:f3: 0b:46:5a:3b:77:1e:cf:73:59:b8:8b:82:34:f8:45: 77:27:43:0b:8f:c6:bb:6a:43:75:83:68:d5:21:e3: 33:eb:7a:90:16:ff:fc:6c:e7:ad:d2:89:6d:d1:29: 06:d3:f0:cf:61:60:34:b8:8e:6d:8e:03:cd:ab:d7: 7d:3d:b5:38:2d:9e:62:24:53:c8:b1:1f:49:93:7e: 0f:79:61:db:42:dd:8e:43:1b:09:3b:47:a1:50:cf: 4f:87:5d:54:16:85:ec:97:cc:f8:d9:27:aa:61:c5: c3:ed Exponent: 65537 (0x10001) X509v3 extensions: 2.5.29.1: 0M..b.`~.....0...-.".'0%1#0!..U....Trust - Lenovo Certificate..^...k...@.`F ... Signature Algorithm: sha256WithRSAEncryption Signature Value: 5f:7d:ac:4a:e6:51:76:4f:85:08:f7:bb:fa:22:92:9c:86:46: 1f:d5:6d:3a:5b:d0:f7:56:6e:a1:e8:c0:d4:79:19:c5:93:cc: fd:27:99:1a:72:41:0b:fd:45:e1:6d:b2:bd:d8:80:c3:31:68: ea:1e:ec:ad:31:f1:1f:b8:75:e3:61:b7:8d:00:a5:29:79:02: a0:ab:57:45:4a:1a:c2:82:1a:a8:c3:ea:f3:d4:15:09:78:9e: 86:60:84:e6:b4:37:5a:03:45:7a:a6:e1:74:c2:0f:d1:1b:fd: 44:ae:31:d5:ec:61:9a:c0:81:1a:2b:c1:ba:6f:3d:47:83:55: 44:d1:fc:f4:6c:3a:dd:d7:fe:30:88:0a:89:6a:c6:d2:71:6f: 2c:2b:eb:0d:c1:9c:52:5f:de:d3:4f:61:d7:62:9a:e8:c0:9d: 01:a6:75:e5:0b:93:75:45:9b:18:d8:ab:32:c4:9c:fb:1a:24: 9e:55:90:bd:4d:bd:5b:03:5a:d7:1f:82:d8:14:59:03:cd:56: 8e:0b:61:8d:b1:9f:e8:aa:a4:41:4c:b2:9a:80:be:48:a3:61: 69:34:ee:b7:18:55:57:c0:23:41:64:bd:5e:73:df:23:f1:8f: 9e:65:b2:a0:f2:c8:4a:cc:c2:e9:db:a8:9c:a7:b3:40:0d:e7: 9e:ea:3d:f8 ------------------------------ So why does this situation happen? I found a similar closed topic https://forums.linuxmint.com/viewtopic.php?t=363303 in linux mint forum ��� which recommends to send 'inxi -Fxxxrz' log, here is ---------------------------------------- System: Kernel: 5.15.0-67-generic x86_64 bits: 64 compiler: gcc v: 11.3.0 Desktop: GNOME 42.5 tk: GTK 3.24.33 wm: gnome-shell dm: GDM3 42.0 Distro: Ubuntu 22.04.2 LTS (Jammy Jellyfish) Machine: Type: Laptop System: LENOVO product: 82B6 v: Lenovo Legion R7000 2020 serial: <superuser required> Chassis: type: 10 v: Lenovo Legion R7000 2020 serial: <superuser required> Mobo: LENOVO model: LNVNB161216 v: SDK0L77769 WIN serial: <superuser required> UEFI: LENOVO v: EUCN31WW date: 01/01/2021 Battery: ID-1: BAT0 charge: 52.9 Wh (100.0%) condition: 52.9/60.0 Wh (88.1%) volts: 17.4 min: 15.4 model: SMP L19M4PC0 type: Li-poly serial: <filter> status: Charging cycles: 275 Device-1: hidpp_battery_0 model: Logitech G304 Lightspeed Wireless Gaming Mouse serial: <filter> charge: 100% (should be ignored) rechargeable: yes status: Discharging CPU: Info: 8-core model: AMD Ryzen 7 4800H with Radeon Graphics bits: 64 type: MT MCP smt: enabled arch: Zen 2 rev: 1 cache: L1: 512 KiB L2: 4 MiB L3: 8 MiB Speed (MHz): avg: 1411 high: 1653 min/max: 1400/2900 boost: enabled cores: 1: 1401 2: 1393 3: 1397 4: 1396 5: 1397 6: 1398 7: 1398 8: 1397 9: 1398 10: 1653 11: 1395 12: 1392 13: 1397 14: 1396 15: 1397 16: 1384 bogomips: 92626 Flags: avx avx2 ht lm nx pae sse sse2 sse3 sse4_1 sse4_2 sse4a ssse3 svm Graphics: Device-1: NVIDIA TU117M vendor: Lenovo driver: nvidia v: 510.108.03 pcie: speed: 2.5 GT/s lanes: 8 ports: active: none off: eDP-1 empty: DP-1,HDMI-A-1 bus-ID: 01:00.0 chip-ID: 10de:1f99 class-ID: 0300 Device-2: Syntek Integrated Camera type: USB driver: uvcvideo bus-ID: 1-3:2 chip-ID: 174f:244c class-ID: 0e02 serial: <filter> Display: x11 server: X.Org v: 1.21.1.3 compositor: gnome-shell driver: X: loaded: nvidia unloaded: fbdev,modesetting,nouveau,vesa gpu: nvidia display-ID: :1 screens: 1 Screen-1: 0 s-res: 1920x1080 s-dpi: 96 s-size: 508x286mm (20.0x11.3") s-diag: 583mm (23") Monitor-1: DP-2 res: 1920x1080 hz: 60 dpi: 142 size: 344x194mm (13.5x7.6") diag: 395mm (15.5") OpenGL: renderer: NVIDIA GeForce GTX 1650/PCIe/SSE2 v: 4.6.0 NVIDIA 510.108.03 direct render: Yes Audio: Device-1: NVIDIA driver: snd_hda_intel v: kernel pcie: speed: 8 GT/s lanes: 8 bus-ID: 01:00.1 chip-ID: 10de:10fa class-ID: 0403 Device-2: AMD Raven/Raven2/FireFlight/Renoir Audio Processor vendor: Lenovo driver: N/A pcie: speed: 16 GT/s lanes: 16 bus-ID: 05:00.5 chip-ID: 1022:15e2 class-ID: 0480 Device-3: AMD Family 17h HD Audio vendor: Lenovo driver: snd_hda_intel v: kernel pcie: speed: 16 GT/s lanes: 16 bus-ID: 05:00.6 chip-ID: 1022:15e3 class-ID: 0403 Sound Server-1: ALSA v: k5.15.0-67-generic running: yes Sound Server-2: PulseAudio v: 15.99.1 running: yes Sound Server-3: PipeWire v: 0.3.48 running: yes Network: Device-1: Realtek RTL8111/8168/8411 PCI Express Gigabit Ethernet vendor: Lenovo driver: r8169 v: kernel pcie: speed: 2.5 GT/s lanes: 1 port: 1000 bus-ID: 03:00.0 chip-ID: 10ec:8168 class-ID: 0200 IF: eno1 state: down mac: <filter> Device-2: Intel Wi-Fi 6 AX200 driver: iwlwifi v: kernel pcie: speed: 5 GT/s lanes: 1 bus-ID: 04:00.0 chip-ID: 8086:2723 class-ID: 0280 IF: wlp4s0 state: up mac: <filter> Bluetooth: Device-1: Intel AX200 Bluetooth type: USB driver: btusb v: 0.8 bus-ID: 3-3:3 chip-ID: 8087:0029 class-ID: e001 Report: hciconfig ID: hci0 rfk-id: 2 state: down bt-service: enabled,running rfk-block: hardware: no software: yes address: <filter> Drives: Local Storage: total: 476.94 GiB used: 58.21 GiB (12.2%) ID-1: /dev/nvme0n1 vendor: Samsung model: MZVLB512HBJQ-000L2 size: 476.94 GiB speed: 31.6 Gb/s lanes: 4 type: SSD serial: <filter> rev: 3L1QEXF7 temp: 33.9 C scheme: GPT Partition: ID-1: / size: 76.6 GiB used: 58.18 GiB (76.0%) fs: ext4 dev: /dev/nvme0n1p7 ID-2: /boot/efi size: 96 MiB used: 36.6 MiB (38.2%) fs: vfat dev: /dev/nvme0n1p1 Swap: ID-1: swap-1 type: file size: 2 GiB used: 0 KiB (0.0%) priority: -2 file: /swapfile Sensors: System Temperatures: cpu: N/A mobo: N/A gpu: nvidia temp: 34 C Fan Speeds (RPM): N/A Repos: Packages: 3730 apt: 3714 snap: 16 Active apt repos in: /etc/apt/sources.list 1: deb http://mirrors.aliyun.com/ubuntu/ jammy main restricted universe 2: deb-src http://mirrors.aliyun.com/ubuntu/ jammy main restricted universe 3: deb http://mirrors.aliyun.com/ubuntu/ jammy-security main restricted universe 4: deb-src http://mirrors.aliyun.com/ubuntu/ jammy-security main restricted universe 5: deb http://mirrors.aliyun.com/ubuntu/ jammy-updates main restricted universe 6: deb-src http://mirrors.aliyun.com/ubuntu/ jammy-updates main restricted universe 7: deb http://mirrors.aliyun.com/ubuntu/ jammy-backports main restricted universe 8: deb-src http://mirrors.aliyun.com/ubuntu/ jammy-backports main restricted universe 9: deb [arch=amd64] https://repo.vivaldi.com/archive/deb/ stable main 10: deb http://apt.llvm.org/jammy/ llvm-toolchain-jammy-16 main 11: deb-src http://apt.llvm.org/jammy/ llvm-toolchain-jammy-16 main No active apt repos in: /etc/apt/sources.list.d/backports.list Active apt repos in: /etc/apt/sources.list.d/microsoft-edge.list 1: deb [arch=amd64] https://packages.microsoft.com/repos/edge/ stable main Active apt repos in: /etc/apt/sources.list.d/tor.list 1: deb [arch=amd64 signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https://deb.torproject.org/torproject.org focal main 2: deb-src [arch=amd64 signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https://deb.torproject.org/torproject.org focal main Active apt repos in: /etc/apt/sources.list.d/ubuntu-support-team-ubuntu-gdb-jammy.list 1: deb https://ppa.launchpadcontent.net/ubuntu-support-team/gdb/ubuntu/ jammy main Active apt repos in: /etc/apt/sources.list.d/vscode.list 1: deb [arch=amd64,arm64,armhf signed-by=/etc/apt/trusted.gpg.d/packages.microsoft.gpg] https://packages.microsoft.com/repos/code stable main No active apt repos in: /etc/apt/sources.list.d/webupd8team-ubuntu-y-ppa-manager-focal.list Info: Processes: 412 Uptime: 56m wakeups: 4 Memory: 15.5 GiB used: 4.75 GiB (30.6%) Init: systemd v: 249 runlevel: 5 Compilers: gcc: 11.3.0 alt: 10/11/12/8/9 clang: 14.0.0-1ubuntu1 Shell: Bash v: 5.1.16 running-in: gnome-terminal inxi: 3.3.13 ---------------------------------------- Hope these information helps you solve with my question. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1129471 http://bugzilla.opensuse.org/show_bug.cgi?id=1129471#c19 --- Comment #19 from c zg <czgf2v@163.com> --- on my machine this method https://askubuntu.com/a/1285489/1682447 works(must 'reset setup mode' ), although I didn't get the relations -- You are receiving this mail because: You are on the CC list for the bug.
participants (2)
-
bugzilla_noreply@novell.com -
bugzilla_noreply@suse.com