How to disable "module verification failed: signature and/or required key missing - tainting kernel" message?
Anupam Kapoor
anupam.kapoor at gmail.com
Mon Nov 2 03:43:53 EST 2015
>>>>> [2015-11-02T12:59:30+0530]: "Nan Xiao" (nan-xiao):
,----[ nan-xiao ]
| I don't disable CONFIG_MODULE_SIG configuration in kernel. Since from this
| post (http://stackoverflow.com/questions/24975377/kvm-module-verification-failed-signature-and-or-required-key-missing-taintin),
| the answer said only disable this option in module's Makefile is enough.
`----
following config options are available (under 'enable loadable module support')
CONFIG_MODULE_SIG : checks modules for valid signature on load.
CONFIG_MODULE_SIG_FORCE : rejects unsigned modules or modules for which
key is not available.
thus, if, this is set to 'n' then loading a module with bad signature,
would taint the kernel. however, if, this is set to 'y' then loading a
module with bad signature will be rejected.
so, my guess is that in your case, this is most likely set to 'y'.
--
kind regards
anupam
More information about the Kernelnewbies
mailing list