How to disable "module verification failed: signature and/or required key missing - tainting kernel" message?

Anupam Kapoor anupam.kapoor at gmail.com
Mon Nov 2 04:29:13 EST 2015


>>>>> [2015-11-02T14:36:52+0530]: "Nan Xiao" (nan-xiao):

,----[ nan-xiao ]
| Sorry, I am a little confused about your explanation.
`----
ah sorry about that. i just re-read your original post, and realized
that you _are_ able to load the unsigned/badly-signed module. the only
point of concern is that you see a "taint" message. this is expected. 

from Documentation/module-signing.txt

,----
|  (1) "Require modules to be validly signed" (CONFIG_MODULE_SIG_FORCE)
| 
|      This specifies how the kernel should deal with a module that has a
|      signature for which the key is not known or a module that is unsigned.
| 
|      If this is off (ie. "permissive"), then modules for which the key is not
|      available and modules that are unsigned are permitted, but the kernel will
|      be marked as being tainted, and the concerned modules will be marked as
|      tainted, shown with the character 'E'.
| 
|      If this is on (ie. "restrictive"), only modules that have a valid
|      signature that can be verified by a public key in the kernel's possession
|      will be loaded.  All other modules will generate an error.
| 
|      Irrespective of the setting here, if the module has a signature block that
|      cannot be parsed, it will be rejected out of hand.
`----

if you don't want module signing at all, then set CONFIG_MODULE_SIG to
'n' and recompile your kernel. boot it, and then load modules without
signing.... 

--
kind regards
anupam



More information about the Kernelnewbies mailing list