How to disable "module verification failed: signature and/or required key missing - tainting kernel" message?
anupam.kapoor at gmail.com
Mon Nov 2 04:29:13 EST 2015
>>>>> [2015-11-02T14:36:52+0530]: "Nan Xiao" (nan-xiao):
,----[ nan-xiao ]
| Sorry, I am a little confused about your explanation.
ah sorry about that. i just re-read your original post, and realized
that you _are_ able to load the unsigned/badly-signed module. the only
point of concern is that you see a "taint" message. this is expected.
| (1) "Require modules to be validly signed" (CONFIG_MODULE_SIG_FORCE)
| This specifies how the kernel should deal with a module that has a
| signature for which the key is not known or a module that is unsigned.
| If this is off (ie. "permissive"), then modules for which the key is not
| available and modules that are unsigned are permitted, but the kernel will
| be marked as being tainted, and the concerned modules will be marked as
| tainted, shown with the character 'E'.
| If this is on (ie. "restrictive"), only modules that have a valid
| signature that can be verified by a public key in the kernel's possession
| will be loaded. All other modules will generate an error.
| Irrespective of the setting here, if the module has a signature block that
| cannot be parsed, it will be rejected out of hand.
if you don't want module signing at all, then set CONFIG_MODULE_SIG to
'n' and recompile your kernel. boot it, and then load modules without
More information about the Kernelnewbies