From mboxrd@z Thu Jan  1 00:00:00 1970
From: lw@cn.fujitsu.com (Li Wei)
Date: Thu, 28 May 2015 15:44:52 +0800
Subject: signing kernel modules on RHEL 7
In-Reply-To: <CA+jr3UWTmnKvNYapk6pb54AJm0R9UFC=+VNK+axE_QHyH7uTaQ@mail.gmail.com>
References: <CA+jr3UWTmnKvNYapk6pb54AJm0R9UFC=+VNK+axE_QHyH7uTaQ@mail.gmail.com>
Message-ID: <5566C774.2040002@cn.fujitsu.com>
To: kernelnewbies@lists.kernelnewbies.org
List-Id: kernelnewbies.lists.kernelnewbies.org

Hi,

On 05/20/2015 08:41 PM, Chakradhar thota wrote:
> Hello Everyone,
> 
> I have compiled kernel module on RHEL7 but when I insert the module, I
> got following warning
> 
> "module verification failed: signature and/or required key missing -
> tainting kernel".
> 
> I tried signing the module on custom kernel and find it working.
> How can we sign the module for a target system with standard RHEL distribution?
> where can we find keys for signing the module on standard kernel?

You will never get the signing key from RH, it's RH's private key.
You should import your own key into MOK(Machine Owner Key) list and use
your own private key to sign module.

RH has a document on this:
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/System_Administrators_Guide/sect-signing-kernel-modules-for-secure-boot.html

> 
> Regards,
> Chakradhar
> 
> _______________________________________________
> Kernelnewbies mailing list
> Kernelnewbies at kernelnewbies.org
> http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
>