Control: tag -1 confirmed On Tue, 2025-09-09 at 19:46 +0200, Bavarian Developer wrote: > > > Package: src:linux > Version: 6.1.148-1 > Severity: important > > > Dear Maintainer, > > > when booting the a complete vanilla installation of Debian 12.12 (installed from the released CD image) in Virtualbox, there is an immediate kernel panic. > > > The error message is as follows: > > > Kernel panic - not syncing: Module crc32_intel signature verification failed in FIPS mode > > > The commit history shows changes of kernel module signing. [...] This may have been triggered by the switch from RSA to ECDSA signatures for modules. We could easily revert that if necessary. I've checked and found that this doesn't happen with the 6.12 kernel where we also use ECDSA signatures. There have been changes to the crypto core that added self-tests and allow-listing of ECDSA in FIPS mode. But I think it would be safer to switch back to RSA here. Ben. -- Ben Hutchings Every program is either trivial or else contains at least one bug
Attachment:
signature.asc
Description: This is a digitally signed message part