How to disable "module verification failed: signature and/or required key missing - tainting kernel" message?
Anupam Kapoor
anupam.kapoor at gmail.com
Mon Nov 2 04:29:13 EST 2015
>>>>> [2015-11-02T14:36:52+0530]: "Nan Xiao" (nan-xiao):
,----[ nan-xiao ]
| Sorry, I am a little confused about your explanation.
`----
ah sorry about that. i just re-read your original post, and realized
that you _are_ able to load the unsigned/badly-signed module. the only
point of concern is that you see a "taint" message. this is expected.
from Documentation/module-signing.txt
,----
| (1) "Require modules to be validly signed" (CONFIG_MODULE_SIG_FORCE)
|
| This specifies how the kernel should deal with a module that has a
| signature for which the key is not known or a module that is unsigned.
|
| If this is off (ie. "permissive"), then modules for which the key is not
| available and modules that are unsigned are permitted, but the kernel will
| be marked as being tainted, and the concerned modules will be marked as
| tainted, shown with the character 'E'.
|
| If this is on (ie. "restrictive"), only modules that have a valid
| signature that can be verified by a public key in the kernel's possession
| will be loaded. All other modules will generate an error.
|
| Irrespective of the setting here, if the module has a signature block that
| cannot be parsed, it will be rejected out of hand.
`----
if you don't want module signing at all, then set CONFIG_MODULE_SIG to
'n' and recompile your kernel. boot it, and then load modules without
signing....
--
kind regards
anupam
More information about the Kernelnewbies
mailing list