why does an in-tree loadable module taint the kernel
jim.cromie at gmail.com
jim.cromie at gmail.com
Tue Jun 15 12:06:08 EDT 2021
On Mon, Jun 14, 2021 at 1:20 AM Greg KH <greg at kroah.com> wrote:
>
> On Mon, Jun 14, 2021 at 01:09:25AM -0600, jim.cromie at gmail.com wrote:
> > serio_raw is apparently tainting the kernel when its modprobed.
> > why ? other modules load properly, no code changes to this module
> >
> > bash-5.1# dmesg | grep -i taint
> > [ 6.517150] serio_raw: module verification failed: signature and/or
> > required key missing - tainting kernel
>
> You did not build this with the correct module signing key that your
> kernel was built with. That is what this warning is showing you, try
> building all modules with the same key as your kernel had and you should
> be fine.
>
OK, I understand better now -
its nothing wrong with serio_raw, its just the 1st module to load,
and warning comes just once.
kernel/module.c
3962: pr_notice_once("%s: module verification failed: signature "
Whats odd is that the same module has a signature when modinfo'd in
the kernel running the laptop, but not from the same kernel running inside a VM.
Does this constitute a bug of some sort ?
A pretty small one, likely fixable by changing CONFIG_SECURITY etc.
For anyone else needing to decode a taint:
https://www.kernel.org/doc/html/latest/admin-guide/tainted-kernels.html
> thanks,
>
> greg k-h
thank you
More information about the Kernelnewbies
mailing list