Ubuntu – Livepatch fails with error “cannot apply patches: cannot apply update: cannot execute finitModule syscall: required key not available”

18.04canonical-livepatch

I have canonical-livepatch running but it shows the error messages below. First it tried to update with the error cannot apply patches: cannot apply update: cannot execute finitModule syscall: required key not available. After that failure, it refuses to try another update again.

What could be the problem in applying the update? I couldn't find anything about that error message.

I'm running Ubuntu 18.04.2 LTS.

$ journalctl -t canonical-livepatch
[...]
Jun 17 23:11:24 callisto canonical-livepatch[1183]: Client.Check
Jun 17 23:11:24 callisto canonical-livepatch[1183]: Checking with livepatch service.
Jun 17 23:11:24 callisto canonical-livepatch[1183]: updating last-check
Jun 17 23:11:24 callisto canonical-livepatch[1183]: touched last check
Jun 17 23:11:24 callisto canonical-livepatch[1183]: Applying update 52.3 for 4.15.0-51.55-generic
Jun 17 23:11:24 callisto canonical-livepatch[1183]: during refresh: cannot apply patches: cannot apply update: cannot execute finitModule syscall: required key not available
Jun 18 00:11:24 callisto canonical-livepatch[1183]: Client.Check
Jun 18 00:11:24 callisto canonical-livepatch[1183]: Checking with livepatch service.
Jun 18 00:11:24 callisto canonical-livepatch[1183]: updating last-check
Jun 18 00:11:24 callisto canonical-livepatch[1183]: touched last check
Jun 18 00:11:24 callisto canonical-livepatch[1183]: No updates available at this time.
Jun 18 00:11:24 callisto canonical-livepatch[1183]: Module may have caused kernel crash! Not inserting module.
Jun 18 00:11:24 callisto canonical-livepatch[1183]: To override this warning, remove /var/snap/canonical-livepatch/common/locks/livepatch_Ubuntu_4_15_0_51_55_generic_52_52.3
Jun 18 00:11:24 callisto canonical-livepatch[1183]: during refresh: cannot apply patches: lock file "/var/snap/canonical-livepatch/common/locks/livepatch_Ubuntu_4_15_0_51_55_generic_52_52.3" already exists

Best Answer

  • The problem appears to be that you have Secure Boot enabled and did not import the Livepatch key: https://bugs.launchpad.net/canonical-livepatch-client/+bug/1833566

    You can apparently fix this by running:

    sudo mokutil --import /snap/canonical-livepatch/current/keys/livepatch-kmod.x509
    

    (the password you enter will only be used once)

    Then, reboot and follow the instructions to import the key.