Page 1 of 3 123 LastLast
Results 1 to 10 of 30

Thread: MODSIGN: Couldn't get UEFI db list

  1. #1
    Join Date
    Jan 2014
    Location
    Erlangen
    Posts
    1,707
    Blog Entries
    1

    Default MODSIGN: Couldn't get UEFI db list

    All the sudden the following error showed up:

    Code:
    Mar 18 17:54:21 erlangen kernel: Couldn't get size: 0x800000000000000e
    Mar 18 17:54:21 erlangen kernel: MODSIGN: Couldn't get UEFI db list
    Mar 18 17:54:21 erlangen kernel: Couldn't get size: 0x800000000000000e
    This affects Tumbleweed, but also a native install of Xubuntu. I never made a change to the latter. Any idea?
    AMD Athlon 4850e (2009), openSUSE 13.1, KDE 4, Intel i3-4130 (2014), i7-6700K (2016), i5-8250U (2018), AMD Ryzen 5 3400G (2020), openSUSE Tumbleweed, KDE Plasma 5

  2. #2
    Join Date
    Aug 2010
    Location
    Chicago suburbs
    Posts
    14,045
    Blog Entries
    3

    Default Re: MODSIGN: Couldn't get UEFI db list

    Yes, I see that. It only happens with a 5.0 kernel (and presumably later), and it only happens on UEFI machines where you are not using secure-boot.

    It looks to me as if the kernel is looking to check signatures on modules, using the key structure from booting with secure-boot. And if you did not use secure-boot, that key structure is not there. The message seems to be telling you that.

    I'm not a kernel internals person. But my conclusion is that this can be ignored. It's probably just for debugging.
    openSUSE Leap 15.2; KDE Plasma 5.18.5;

  3. #3
    Join Date
    Jun 2008
    Location
    Stoney Stanton - England
    Posts
    1,122

    Default Re: MODSIGN: Couldn't get UEFI db list

    My research suggests that nrickert's summary is right (as he usually is....)

  4. #4
    Join Date
    Jan 2014
    Location
    Erlangen
    Posts
    1,707
    Blog Entries
    1

    Default Re: MODSIGN: Couldn't get UEFI db list

    Quote Originally Posted by nrickert View Post
    Yes, I see that. It only happens with a 5.0 kernel (and presumably later), and it only happens on UEFI machines where you are not using secure-boot.

    It looks to me as if the kernel is looking to check signatures on modules, using the key structure from booting with secure-boot. And if you did not use secure-boot, that key structure is not there. The message seems to be telling you that.

    I'm not a kernel internals person. But my conclusion is that this can be ignored. It's probably just for debugging.
    Yes it occurred the first time after upgrading to 5.0.1-1-default. However there is a puzzling effect: Xubuntu has kernel 4.15.0-45-generic This install now also displays the error message (it didn't before):
    Code:
    Mar 18 17:52:41 xubuntu-test kernel: Loading compiled-in X.509 certificates
    Mar 18 17:52:41 xubuntu-test kernel: Loaded X.509 cert 'Build time autogenerated kernel key: e3b8f44ffaaceef3e3a84cfaebd8e5a9acebeaad'
    Mar 18 17:52:41 xubuntu-test kernel: Couldn't get size: 0x800000000000000e
    Mar 18 17:52:41 xubuntu-test kernel: MODSIGN: Couldn't get UEFI db list
    Mar 18 17:52:41 xubuntu-test kernel: Couldn't get size: 0x800000000000000e
    Mar 18 17:52:41 xubuntu-test kernel: MODSIGN: Couldn't get UEFI MokListRT
    Mar 18 17:52:41 xubuntu-test kernel: zswap: loaded using pool lzo/zbud
    Mar 18 17:52:41 xubuntu-test kernel: Key type big_key registered
    Mar 18 17:52:41 xubuntu-test kernel: Key type trusted registered
    Mar 18 17:52:41 xubuntu-test kernel: Key type encrypted registered
    I also think it can be ignored. But 4.20 had a flicker-free boot. 5.0 has flicker again due to the message being displayed.
    AMD Athlon 4850e (2009), openSUSE 13.1, KDE 4, Intel i3-4130 (2014), i7-6700K (2016), i5-8250U (2018), AMD Ryzen 5 3400G (2020), openSUSE Tumbleweed, KDE Plasma 5

  5. #5
    Join Date
    Nov 2009
    Location
    West Virginia Sector 13
    Posts
    15,932

    Default Re: MODSIGN: Couldn't get UEFI db list

    Maybe a back port in Xubuntu kernel???

  6. #6
    Join Date
    Jun 2008
    Location
    Stoney Stanton - England
    Posts
    1,122

    Default Re: MODSIGN: Couldn't get UEFI db list

    I only get the one line of the message:

    Couldn't get size (with numbers either side)

    But I am using EFI and have secure boot switched off.

  7. #7
    Join Date
    Sep 2012
    Posts
    5,734

    Default Re: MODSIGN: Couldn't get UEFI db list

    Quote Originally Posted by karlmistelberger View Post
    Any idea?
    Those messages come from kernel integrity checker that attempts to import UEFI certificates for module signature verification. Certificates are stored in UEFI variables. Error 0x800000000000000e means "The item was not found", so the variable does not exist. If you run with Secure Boot disabled this can be ignored (still the very fact kernel attempts to import non-existing certificates is not nice). If you do have Secure Boot enabled something is wrong and bug report can be considered.

    Upstream kernel has these patches since 5.0. It is quite possible that SUSE included them earlier.

  8. #8
    Join Date
    Jan 2014
    Location
    Erlangen
    Posts
    1,707
    Blog Entries
    1

    Default Re: MODSIGN: Couldn't get UEFI db list

    Quote Originally Posted by arvidjaar View Post
    Those messages come from kernel integrity checker that attempts to import UEFI certificates for module signature verification. Certificates are stored in UEFI variables. Error 0x800000000000000e means "The item was not found", so the variable does not exist. If you run with Secure Boot disabled this can be ignored (still the very fact kernel attempts to import non-existing certificates is not nice). If you do have Secure Boot enabled something is wrong and bug report can be considered.

    Upstream kernel has these patches since 5.0. It is quite possible that SUSE included them earlier.
    It's a well known bug: https://bugzilla.redhat.com/show_bug.cgi?id=1497559 and it can be pretty awkward. When it got activated in Xubunbtu kernel loading time increased from 2 to 33 seconds!

    Code:
    erlangen:~ # journalctl -b 0 --directory /Xubuntu/var/log/journal/|grep userspace
    Mar 19 14:19:50 xubuntu-test systemd[1]: Startup finished in 33.049s (kernel) + 5.829s (userspace) = 38.879s.
    erlangen:~ #
    Fedora 29 has it fixed. It does not show up on my machine.
    AMD Athlon 4850e (2009), openSUSE 13.1, KDE 4, Intel i3-4130 (2014), i7-6700K (2016), i5-8250U (2018), AMD Ryzen 5 3400G (2020), openSUSE Tumbleweed, KDE Plasma 5

  9. #9

    Default Re: MODSIGN: Couldn't get UEFI db list

    Quote Originally Posted by arvidjaar View Post
    Those messages come from kernel integrity checker that attempts to import UEFI certificates for module signature verification. Certificates are stored in UEFI variables. Error 0x800000000000000e means "The item was not found", so the variable does not exist. If you run with Secure Boot disabled this can be ignored (still the very fact kernel attempts to import non-existing certificates is not nice). If you do have Secure Boot enabled something is wrong and bug report can be considered.

    Upstream kernel has these patches since 5.0. It is quite possible that SUSE included them earlier.
    Getting the same messages:
    Code:
    [    2.330097] MODSIGN: Couldn't get UEFI db list[    2.330250] Console: switching to colour frame buffer device 320x90
    [    2.335031] Couldn't get size: 0x800000000000000e
    [    2.335032] Couldn't get UEFI MokListRT
    [    2.339985] Couldn't get size: 0x800000000000000e
    [    2.339987] Couldn't get UEFI dbx list
    Tumbleweed, 5.0.2-1-default #1 SMP Thu Mar 14 08:29:17 UTC 2019 (d1f1d19) x86_64 x86_64 x86_64 GNU/Linux.

    ..running all latest updates. Just started happening....does make boot time a little slower, and things *DO* work, but concerning nonetheless. Anyone have thoughts?

  10. #10
    Join Date
    Jan 2014
    Location
    Erlangen
    Posts
    1,707
    Blog Entries
    1

    Default Re: MODSIGN: Couldn't get UEFI db list

    Quote Originally Posted by PaulCee View Post
    Getting the same messages:
    Code:
    [    2.330097] MODSIGN: Couldn't get UEFI db list[    2.330250] Console: switching to colour frame buffer device 320x90
    [    2.335031] Couldn't get size: 0x800000000000000e
    [    2.335032] Couldn't get UEFI MokListRT
    [    2.339985] Couldn't get size: 0x800000000000000e
    [    2.339987] Couldn't get UEFI dbx list
    Tumbleweed, 5.0.2-1-default #1 SMP Thu Mar 14 08:29:17 UTC 2019 (d1f1d19) x86_64 x86_64 x86_64 GNU/Linux.

    ..running all latest updates. Just started happening....does make boot time a little slower, and things *DO* work, but concerning nonetheless. Anyone have thoughts?
    https://bugzilla.opensuse.org/show_b...?id=1129471#c4
    AMD Athlon 4850e (2009), openSUSE 13.1, KDE 4, Intel i3-4130 (2014), i7-6700K (2016), i5-8250U (2018), AMD Ryzen 5 3400G (2020), openSUSE Tumbleweed, KDE Plasma 5

Page 1 of 3 123 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •