How to disable "module verification failed: signature and/or required key missing - tainting kernel" message?
Nan Xiao
xiaonan830818 at gmail.com
Mon Nov 2 04:06:52 EST 2015
Hi Anupam,
Sorry, I am a little confused about your explanation.
In my kernel, only CONFIG_MODULE_SIG is set to yes. But from the 2nd answer of
this post (http://stackoverflow.com/questions/24975377/kvm-module-verification-failed-signature-and-or-required-key-missing-taintin),
it says "no need to disable this option in kernel". So my question is
this answer is wrong?
If no disable "CONFIG_MODULE_SIG" in kernel, "module verification
failed: signature and/or required key missing"
always be printed?
Thanks!
Best Regards
Nan Xiao
On Mon, Nov 2, 2015 at 4:43 PM, Anupam Kapoor <anupam.kapoor at gmail.com> wrote:
>
>>>>>> [2015-11-02T12:59:30+0530]: "Nan Xiao" (nan-xiao):
> ,----[ nan-xiao ]
> | I don't disable CONFIG_MODULE_SIG configuration in kernel. Since from this
> | post (http://stackoverflow.com/questions/24975377/kvm-module-verification-failed-signature-and-or-required-key-missing-taintin),
> | the answer said only disable this option in module's Makefile is enough.
> `----
> following config options are available (under 'enable loadable module support')
>
> CONFIG_MODULE_SIG : checks modules for valid signature on load.
>
> CONFIG_MODULE_SIG_FORCE : rejects unsigned modules or modules for which
> key is not available.
>
> thus, if, this is set to 'n' then loading a module with bad signature,
> would taint the kernel. however, if, this is set to 'y' then loading a
> module with bad signature will be rejected.
>
> so, my guess is that in your case, this is most likely set to 'y'.
>
> --
> kind regards
> anupam
More information about the Kernelnewbies
mailing list