Error messages on booting, need help

- - ALL UNSTABLE / TESTING THREADS SHOULD BE POSTED HERE - -
This sub-forum is the dedicated area for the ongoing Unstable/Testing releases of Debian. Advanced, or Experienced User support only. Use the software, give, and take advice with caution.
Forum rules
Post Reply
Message
Author
agritux
Posts: 19
Joined: 2011-05-17 19:13

Error messages on booting, need help

#1 Post by agritux »

Hi,
I am new on debian and using debian testing.
I am getting some errors while system booting but I dont know what to do.
Searched on this forum but didnt get any idea. (only this topic, but no solution: viewtopic.php?p=809253&hilit=blacklist% ... 3A#p809253)
Any suggestions?

Image
Top
arzgi
Posts: 1614
Joined: 2008-02-21 17:03
Location: Finland
Has thanked: 1 time
Been thanked: 85 times

Re: Error messages on booting, need help

#2 Post by arzgi »

agritux wrote: 2024-12-09 08:04 Hi,
I am new on debian and using debian testing.
Hello!

Testing is for testing against bugs before it comes stable. If you have no experince of Debian, it can save a lot of grief if you start with stable Debian. I have used Debian more than 10 years, always stable.
Top
User avatar
bbbhltz
Section Moderator
Section Moderator
Posts: 340
Joined: 2024-01-10 14:53
Location: Normandy
XMMP/Jabber: bbbhltz@mailbox.org
Has thanked: 72 times
Been thanked: 81 times

Re: Error messages on booting, need help

#3 Post by bbbhltz »

Those are warning messages, not errors. I think you could ignore them.
bbbhltz
longtime desktop Linux user; eternal newbie
Top
Aki
Global Moderator
Global Moderator
Posts: 4057
Joined: 2014-07-20 18:12
Location: Europe
Has thanked: 113 times
Been thanked: 535 times

Re: Error messages on booting, need help

#4 Post by Aki »

Hello,

Code: Select all

[..]
blacklist: Duplicate blacklisted hash bin:47ff1b63b140b6fc04ed79131331e651da5b2e2f170f5daef4153dc2fbc532b1
[..]
For the "blacklist: Duplicate blacklisted hash bin ..." error, a similar thread [1] was opened in the past.

As @bbbhltz suggested in the previous post, it is a warning that is generated here [2] in the kernel source code:

Code: Select all

/**
 * mark_raw_hash_blacklisted - Add a hash to the system blacklist
 * @hash: The hash as a hex string with a type prefix (eg. "tbs:23aa429783")
 */
static int mark_raw_hash_blacklisted(const char *hash)
{
	key_ref_t key;

	key = key_create(make_key_ref(blacklist_keyring, true),
			 "blacklist",
			 hash,
			 NULL,
			 0,
			 BLACKLIST_KEY_PERM,
			 KEY_ALLOC_NOT_IN_QUOTA |
			 KEY_ALLOC_BUILT_IN);
	if (IS_ERR(key)) {
		if (PTR_ERR(key) == -EEXIST)
			pr_warn("Duplicate blacklisted hash %s\n", hash);
		else
			pr_err("Problem blacklisting hash %s: %pe\n", hash, key);
		return PTR_ERR(key);
	}
	return 0;
}
If I understand correctly, the kernel complains that a signing certificate is already known to the kernel as being blacklisted.

As an example, the certificate listed above from your previous post is known to the Linux kernel (from Debian Testing) as a blacklisted certificate:

Code: Select all

# keyctl show %:.blacklist | grep 4153dc2fbc532b1
1008035894 ----s--v      0     0   \_ blacklist: bin:47ff1b63b140b6fc04ed79131331e651da5b2e2f170f5daef4153dc2fbc532b1
The Linux kernel should usually get these blacklisted certificates from the EFI firmware configuration [3].

As an examples, the certificate above is in the EFI revocation list of the TianoCore EFI implementation of my Debian Testing:

Code: Select all

# mokutil --dbx | grep 47ff1b63b140b6fc04ed79131331e651da5b2e2f170f5daef4153dc2fbc532b1
  47ff1b63b140b6fc04ed79131331e651da5b2e2f170f5daef4153dc2fbc532b1
Perhaps there are some duplicates in the revocation list of your EFI firmware.

Hope this helps.

--
[1] [Solved] blacklist: Problem blacklisting hash (-13)
[2] https://sources.debian.org/src/linux/6.12.3-1/certs/blacklist.c
[3] [PATCH 0/9] KEYS: Blacklisting & UEFI database load
⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system
⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org
⠈⠳⣄⠀
Top
Post Reply

Return to “Testing And Unstable”