May 2023 - openSUSE Kernel - openSUSE Mailing Lists

[opensuse-kernel] kernel-default-base-2.6.29-5.2.x86_64 rpm errors
by Dave Plater 18 Jul '24

18 Jul '24

Hi, I'm busy updating to the latest factory kernel and have received the following errors from kernel-default-base installation (I did insert a blank dvd during the installation of the rpm by zypper):- WARNING: /lib/modules/2.6.29-rc8-5-default/kernel/drivers/scsi/sd_mod.ko needs unknown symbol crc_t10dif WARNING: /lib/modules/2.6.29-rc8-5-default/kernel/drivers/scsi/sr_mod.ko needs unknown symbol register_cdrom WARNING: /lib/modules/2.6.29-rc8-5-default/kernel/drivers/scsi/sr_mod.ko needs unknown symbol cdrom_ioctl WARNING: /lib/modules/2.6.29-rc8-5-default/kernel/drivers/scsi/sr_mod.ko needs unknown symbol cdrom_media_changed WARNING: /lib/modules/2.6.29-rc8-5-default/kernel/drivers/scsi/sr_mod.ko needs unknown symbol cdrom_get_media_event WARNING: /lib/modules/2.6.29-rc8-5-default/kernel/drivers/scsi/sr_mod.ko needs unknown symbol cdrom_release WARNING: /lib/modules/2.6.29-rc8-5-default/kernel/drivers/scsi/sr_mod.ko needs unknown symbol cdrom_open WARNING: /lib/modules/2.6.29-rc8-5-default/kernel/drivers/scsi/sr_mod.ko needs unknown symbol unregister_cdrom WARNING: /lib/modules/2.6.29-rc8-5-default/kernel/drivers/scsi/sr_mod.ko needs unknown symbol cdrom_number_of_slots And then these errors which I think IIRC happened before when the kernel was first split into three:- Kernel image: /boot/vmlinuz-2.6.29-rc8-5-default Initrd image: /boot/initrd-2.6.29-rc8-5-default Root device: /dev/disk/by-id/ata-WDC_WD800JB-00JJC0_WD-WMAM9RA78067-part3 (/dev/sda3) (mounted on / as xfs) Resume device: /dev/disk/by-id/ata-WDC_WD800JB-00JJC0_WD-WMAM9RA78067-part2 (/dev/sda2) FATAL: Module processor not found. WARNING: no dependencies for kernel module 'processor' found. FATAL: Module thermal not found. WARNING: no dependencies for kernel module 'thermal' found. FATAL: Module ata_generic not found. WARNING: no dependencies for kernel module 'ata_generic' found. FATAL: Module piix not found. WARNING: no dependencies for kernel module 'piix' found. FATAL: Module ide_pci_generic not found. WARNING: no dependencies for kernel module 'ide_pci_generic' found. FATAL: Module fan not found. WARNING: no dependencies for kernel module 'fan' found. FATAL: Module xfs not found. WARNING: no dependencies for kernel module 'xfs' found. FATAL: Module usbhid not found. WARNING: no dependencies for kernel module 'usbhid' found. Kernel Modules: scsi_mod libata ata_piix edd ahci sd_mod usbcore ohci-hcd ehci-hcd uhci-hcd WARNING: /dev/shm/mkinitramfs.0drQsZ/mnt/lib/modules/2.6.29-rc8-5-default/kernel/drivers/scsi/sd_mod.ko needs unknown symbol crc_t10dif Features: block usb resume.userspace resume.kernel Bootsplash: openSUSE (1280x1024) 22669 blocks Should I open a bug report about the errors which are possibly from inserting a dvd while the kernel rpm was installing? Regards Dave P -- To unsubscribe, e-mail: opensuse-kernel+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-kernel+help(a)opensuse.org

2 2

Re: Build 20230505 Kernel LockDown
by Andrei Borzenkov 08 May '23

08 May '23

On 08.05.2023 17:29, Joe Salmeri wrote: > HI Andrei > > On 5/8/23 00:50, Andrei Borzenkov wrote: >> On 07.05.2023 21:25, Joe Salmeri wrote: >>> >>> I just updated from 20230413 to 20230505 and after rebooting vmware >>> kernel modules ( after recompiling for kernel 6.3.1-1 ) would not load. >>> >>> modprobe: ERROR: could not insert 'vmmon': Key was rejected by >>> service >>> modprobe: ERROR: could not insert 'vmnet': Key was rejected by >>> service >>> >> >> Post kernel messages (dmesg output) at the time when you see this >> error. Even better in such cases is to provide full dmesg output. >> > I interpreted the 2 modprobe messages to indicate that since the 2 > vmware modules were not signed they were rejected. > > The same errors were thrown in my test environment and in my main desktop. > > > As a test for you, I recompiled both modules again in my test > environment, but this time I did NOT sign them. > > > I ran 'journalctl -k -xef' in one konsole session and in another konsole > session I ran 'systemctl start vmware' > > The only 2 messages that were displayed were > > May 08 10:17:56 Test-VM: Loading of unsigned module is rejected > May 08 10:17:56 Test-VM: Loading of unsigned module is rejected > > So that seems to indicate that the kernel was changed back to requiring > signed modules. > Yes, although it probably is not exactly lockdown. It is due to CONFIG_IMA_ARCH_POLICY=y which was set by this commit: commit 90a46594a115a4abf9381bd4c327fd875ac0da0b Author: Lee, Chun-Yi <jlee(a)suse.com> Date: Thu Mar 9 13:25:10 2023 +0800 Update config files. Add the following config to x86_64, arm64 and i386. CONFIG_IMA_ARCH_POLICY=y CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT=y This config be used to detect secure boot. (bsc#1209006) There is no way to override it at run time (except disabling secure boot). Cc kernel. > If I boot back to the previous kernel which was 6.2.10-1, then the > unsigned vmware modules load fine. > > If I follow the steps in my original message and sign the vmware > modules, then kernel 6.3.1.1 loads the modules, the service starts and > vmware works. > > >>> I have not see an announcement regarding kernel lockdown being enabled >> >> Where do you see any indication of kernel lockdown? >> > Everything I had noted from the last time that kernel lockdown was > enabled, indicates that it is NOT locked down with 6.3.1-1. > > I don't understand why everything indicates that lockdown is NOT > enabled, however, the actual messages from the journal/dmesg indicate > that unsigned modules can no longer be loaded with the 6.3.1-1 kernel > and signing them allows them to load so clearly something changed. > > Maybe they found a way to deal with the previous issues that occurred > back with the 6.2 kernel where lockdown would not allow signing with > secondary keys and loading the modules? > > Hopefully Jira,will see these messages and chime in.... > >

1 0

Error building TW kernel locally
by DB 01 May '23

01 May '23

Hey, I'm trying to build the Tumbleweed kernel 6.2.12 on my machine running the same version to test some patches. I had built kernels like this in the past on TW but now I'm not having much luck. I've installed kernel-source-6.2.12-1.1 package from the repo, copied over /usr/src/linux-6.2.12-1 to my home dir, ran `make oldconfig` there, changed CONFIG_LOCALVERSION to "-1-test" in .config and then `make -j 12 binrpm-pkg`. I didn't apply any patches yet, just want to get the base kernel working. The build ends with errors: make[2]: *** [Makefile:2036: .] Error 2 make[1]: *** [scripts/Makefile.package:79: binrpm-pkg] Error 2 make: *** [Makefile:1680: binrpm-pkg] Error 2 There's also some errors about certs in the middle: make[4]: *** No rule to make target '.kernel_signing_key.pem', needed by 'certs/signing_key.x509'. Stop. make[4]: *** Waiting for unfinished jobs.... HOSTCC certs/extract-cert make[3]: *** [scripts/Makefile.build:505: certs] Error 2 make[3]: *** Waiting for unfinished jobs.... The whole output is here https://pastebin.com/vhxM5swj I'm not really sure is it because of the certs or something else. Anybody has any ideas? David

7 11