Re: Bug#1105164: linux-image-6.1.0-35-amd64: watchdog kernel module load errors with "Bad message"

To: 1105164@bugs.debian.org
Cc: Robert Shearman <robertshearman@gmail.com>, ftpmaster@debian.org, debian-release@lists.debian.org, debian-boot@lists.debian.org, kibi@debian.org, ansgar@debian.org
Subject: Re: Bug#1105164: linux-image-6.1.0-35-amd64: watchdog kernel module load errors with "Bad message"
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Sat, 17 May 2025 08:51:54 +0200
Message-id: <[🔎] aCgyCh07MOiPyZuJ@eldamar.lan>
Mail-followup-to: 1105164@bugs.debian.org, Robert Shearman <robertshearman@gmail.com>, ftpmaster@debian.org, debian-release@lists.debian.org, debian-boot@lists.debian.org, kibi@debian.org, ansgar@debian.org
In-reply-to: <[🔎] aCJba8Yo84ng7c_Z@eldamar.lan>
References: <CANXb-UTLyM=Fg2cEDUkbcNZHOcnwg_Smr4Yj3Uh3EX-iRC1Fww@mail.gmail.com> <CANXb-UTLyM=Fg2cEDUkbcNZHOcnwg_Smr4Yj3Uh3EX-iRC1Fww@mail.gmail.com> <[🔎] aCJba8Yo84ng7c_Z@eldamar.lan>

Hi

[not yet trimming the CC list to give a short update]

On Mon, May 12, 2025 at 10:34:51PM +0200, Salvatore Bonaccorso wrote:
> Control: severity -1 serious
> 
> Hi Robert,
> 
> On Mon, May 12, 2025 at 04:38:19PM +0100, Robert Shearman wrote:
> > Package: src:linux
> > Version: 6.1.137-1
> > Severity: important
> > X-Debbugs-Cc: rob@graphiant.com
> > 
> >     rob@graph-dev-bookworm:~$ sudo modprobe watchdog
> >     modprobe: ERROR: could not insert 'watchdog': Bad message
> > 
> > Using extract-module-sig.pl from
> > https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/plain/scripts/extract-module-sig.pl
> > shows there is no signature present for the watchdog kernel object
> > file:
> > 
> >     $ ~/Downloads/extract-module-sig.pl -s
> > /lib/modules/6.1.0-35-amd64/kernel/drivers/watchdog/watchdog.ko
> >     Read 91616 bytes from module file
> >     Found magic number at 91616
> >     Found PKCS#7/CMS encapsulation
> > 
> > Compared to 6.1.0-34-amd64 version:
> > 
> >     $ ~/Downloads/extract-module-sig.pl -s
> > /lib/modules/6.1.0-34-amd64/kernel/drivers/watchdog/watchdog.ko
> >     Read 92027 bytes from module file
> >     Found magic number at 92027
> >     Found PKCS#7/CMS encapsulation
> >     Found 411 bytes of signature [3082019706092a864886f70d010702a0]
> >     ...
> 
> So indeed there was likely a temporary problem when doing the signing
> of the modules for linux-signed-amd64. There is the watchdog module
> and w83977f_wdt one which have zero size signature:
> 
> ./linux-signed-amd64-6.1.137+1/debian/signatures/linux-image-6.1.0-35-amd64-unsigned/lib/modules/6.1.0-35-amd64/kernel/drivers/watchdog/watchdog.ko.sig
> ./linux-signed-amd64-6.1.137+1/debian/signatures/linux-image-6.1.0-35-amd64-unsigned/lib/modules/6.1.0-35-amd64/kernel/drivers/watchdog/w83977f_wdt.ko.sig
> 
> I checked as well linux-signed-i386 and linux-signed-arm64 but there I
> found none with a problem.

After a short double-checking with Ansgar, the check might be
included in
https://salsa.debian.org/ftp-team/code-signing/-/blob/master/secure-boot-code-sign.py?ref_type=heads#L180
in the sign_kmod function. And similarly in sign_efi function as well
in
https://salsa.debian.org/ftp-team/code-signing/-/blob/master/secure-boot-code-sign.py?ref_type=heads#L200

Regards,
Salvatore

Reply to:

References:
- Re: Bug#1105164: linux-image-6.1.0-35-amd64: watchdog kernel module load errors with "Bad message"
  - From: Salvatore Bonaccorso <carnil@debian.org>

Prev by Date: Re: Is blendsel part of D-I RC1? (Re: Next attempt to add Blends to Debian installer)
Next by Date: Bug#1100474: marked as done ([INTL:es] Spanish translation of blendsel debconf template)
Previous by thread: Re: Bug#1105164: linux-image-6.1.0-35-amd64: watchdog kernel module load errors with "Bad message"
Next by thread: Re: Trixie things
Index(es):
- Date
- Thread