signing kernel modules on RHEL 7

Li Wei lw at cn.fujitsu.com
Thu May 28 03:44:52 EDT 2015


Hi,

On 05/20/2015 08:41 PM, Chakradhar thota wrote:
> Hello Everyone,
> 
> I have compiled kernel module on RHEL7 but when I insert the module, I
> got following warning
> 
> "module verification failed: signature and/or required key missing -
> tainting kernel".
> 
> I tried signing the module on custom kernel and find it working.
> How can we sign the module for a target system with standard RHEL distribution?
> where can we find keys for signing the module on standard kernel?

You will never get the signing key from RH, it's RH's private key.
You should import your own key into MOK(Machine Owner Key) list and use
your own private key to sign module.

RH has a document on this:
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/System_Administrators_Guide/sect-signing-kernel-modules-for-secure-boot.html

> 
> Regards,
> Chakradhar
> 
> _______________________________________________
> Kernelnewbies mailing list
> Kernelnewbies at kernelnewbies.org
> http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
> 



More information about the Kernelnewbies mailing list