* signing kernel modules on RHEL 7
@ 2015-05-20 12:41 Chakradhar thota
2015-05-20 13:04 ` Saumendra Dash
` (2 more replies)
0 siblings, 3 replies; 6+ messages in thread
From: Chakradhar thota @ 2015-05-20 12:41 UTC (permalink / raw)
To: kernelnewbies
Hello Everyone,
I have compiled kernel module on RHEL7 but when I insert the module, I
got following warning
"module verification failed: signature and/or required key missing -
tainting kernel".
I tried signing the module on custom kernel and find it working.
How can we sign the module for a target system with standard RHEL distribution?
where can we find keys for signing the module on standard kernel?
Regards,
Chakradhar
^ permalink raw reply [flat|nested] 6+ messages in thread* signing kernel modules on RHEL 7 2015-05-20 12:41 signing kernel modules on RHEL 7 Chakradhar thota @ 2015-05-20 13:04 ` Saumendra Dash 2015-05-22 13:12 ` Jerry Snitselaar 2015-05-28 7:44 ` Li Wei 2 siblings, 0 replies; 6+ messages in thread From: Saumendra Dash @ 2015-05-20 13:04 UTC (permalink / raw) To: kernelnewbies >I have compiled kernel module on RHEL7 but when I insert the module, I got following warning >"module verification failed: signature and/or required key missing - tainting kernel". >I tried signing the module on custom kernel and find it working. >How can we sign the module for a target system with standard RHEL distribution? >where can we find keys for signing the module on standard kernel? The kernel module signature verification has been enabled for your system, which is giving warnings while loading modules that has not signed by the vendor. Not a big problem though... Try to compile with the following flags off during menuconfig: - CONFIG_MODULE_SIG - CONFIG_MODULE_SIG_ALL Hope it helps. Thanks, Saumendra ::DISCLAIMER:: ---------------------------------------------------------------------------------------------------------------------------------------------------- The contents of this e-mail and any attachment(s) are confidential and intended for the named recipient(s) only. E-mail transmission is not guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or may contain viruses in transmission. The e mail and its contents (with or without referred errors) shall therefore not attach any liability on the originator or HCL or its affiliates. Views or opinions, if any, presented in this email are solely those of the author and may not necessarily reflect the views or opinions of HCL or its affiliates. Any form of reproduction, dissemination, copying, disclosure, modification, distribution and / or publication of this message without the prior written consent of authorized representative of HCL is strictly prohibited. If you have received this email in error please delete it and notify the sender immediately. Before opening any email and/or attachments, please check them for viruses and other defects. ---------------------------------------------------------------------------------------------------------------------------------------------------- ^ permalink raw reply [flat|nested] 6+ messages in thread
* signing kernel modules on RHEL 7 2015-05-20 12:41 signing kernel modules on RHEL 7 Chakradhar thota 2015-05-20 13:04 ` Saumendra Dash @ 2015-05-22 13:12 ` Jerry Snitselaar 2015-05-28 7:44 ` Li Wei 2 siblings, 0 replies; 6+ messages in thread From: Jerry Snitselaar @ 2015-05-22 13:12 UTC (permalink / raw) To: kernelnewbies On Wed May 20 15, Chakradhar thota wrote: > Hello Everyone, > > I have compiled kernel module on RHEL7 but when I insert the module, I > got following warning > > "module verification failed: signature and/or required key missing - > tainting kernel". > > I tried signing the module on custom kernel and find it working. > How can we sign the module for a target system with standard RHEL distribution? > where can we find keys for signing the module on standard kernel? > > Regards, > Chakradhar > > _______________________________________________ > Kernelnewbies mailing list > Kernelnewbies at kernelnewbies.org > http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies Install the kernel-doc package and then look at: /usr/share/doc/kernel-<insert-your-kernel-version-here>/Documentation/module-signing.txt ^ permalink raw reply [flat|nested] 6+ messages in thread
* signing kernel modules on RHEL 7 2015-05-20 12:41 signing kernel modules on RHEL 7 Chakradhar thota 2015-05-20 13:04 ` Saumendra Dash 2015-05-22 13:12 ` Jerry Snitselaar @ 2015-05-28 7:44 ` Li Wei 2015-05-28 9:08 ` Chakradhar thota 2 siblings, 1 reply; 6+ messages in thread From: Li Wei @ 2015-05-28 7:44 UTC (permalink / raw) To: kernelnewbies Hi, On 05/20/2015 08:41 PM, Chakradhar thota wrote: > Hello Everyone, > > I have compiled kernel module on RHEL7 but when I insert the module, I > got following warning > > "module verification failed: signature and/or required key missing - > tainting kernel". > > I tried signing the module on custom kernel and find it working. > How can we sign the module for a target system with standard RHEL distribution? > where can we find keys for signing the module on standard kernel? You will never get the signing key from RH, it's RH's private key. You should import your own key into MOK(Machine Owner Key) list and use your own private key to sign module. RH has a document on this: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/System_Administrators_Guide/sect-signing-kernel-modules-for-secure-boot.html > > Regards, > Chakradhar > > _______________________________________________ > Kernelnewbies mailing list > Kernelnewbies at kernelnewbies.org > http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies > ^ permalink raw reply [flat|nested] 6+ messages in thread
* signing kernel modules on RHEL 7 2015-05-28 7:44 ` Li Wei @ 2015-05-28 9:08 ` Chakradhar thota 2015-06-04 9:15 ` Li Wei 0 siblings, 1 reply; 6+ messages in thread From: Chakradhar thota @ 2015-05-28 9:08 UTC (permalink / raw) To: kernelnewbies Thank you Li Wei. Is MOK supported in Legacy BIOS? I have tried to import but after reboot couldn't find the key registered All articles of Signing kernel modules mention about UEFI enviroment for registering MOK. Can we register MOK with Legacy BIOS? On Thu, May 28, 2015 at 1:14 PM, Li Wei <lw@cn.fujitsu.com> wrote: > Hi, > > On 05/20/2015 08:41 PM, Chakradhar thota wrote: >> Hello Everyone, >> >> I have compiled kernel module on RHEL7 but when I insert the module, I >> got following warning >> >> "module verification failed: signature and/or required key missing - >> tainting kernel". >> >> I tried signing the module on custom kernel and find it working. >> How can we sign the module for a target system with standard RHEL distribution? >> where can we find keys for signing the module on standard kernel? > > You will never get the signing key from RH, it's RH's private key. > You should import your own key into MOK(Machine Owner Key) list and use > your own private key to sign module. > > RH has a document on this: > https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/System_Administrators_Guide/sect-signing-kernel-modules-for-secure-boot.html > >> >> Regards, >> Chakradhar >> >> _______________________________________________ >> Kernelnewbies mailing list >> Kernelnewbies at kernelnewbies.org >> http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies >> ^ permalink raw reply [flat|nested] 6+ messages in thread
* signing kernel modules on RHEL 7 2015-05-28 9:08 ` Chakradhar thota @ 2015-06-04 9:15 ` Li Wei 0 siblings, 0 replies; 6+ messages in thread From: Li Wei @ 2015-06-04 9:15 UTC (permalink / raw) To: kernelnewbies On 05/28/2015 05:08 PM, Chakradhar thota wrote: > Thank you Li Wei. > Is MOK supported in Legacy BIOS? I have tried to import but after No, MOK is some kind of UEFI things. MOK is the only way to insert your own public key without recompile kernel. Thanks. > reboot couldn't find the key registered > All articles of Signing kernel modules mention about UEFI enviroment > for registering MOK. > Can we register MOK with Legacy BIOS? > > On Thu, May 28, 2015 at 1:14 PM, Li Wei <lw@cn.fujitsu.com> wrote: >> Hi, >> >> On 05/20/2015 08:41 PM, Chakradhar thota wrote: >>> Hello Everyone, >>> >>> I have compiled kernel module on RHEL7 but when I insert the module, I >>> got following warning >>> >>> "module verification failed: signature and/or required key missing - >>> tainting kernel". >>> >>> I tried signing the module on custom kernel and find it working. >>> How can we sign the module for a target system with standard RHEL distribution? >>> where can we find keys for signing the module on standard kernel? >> >> You will never get the signing key from RH, it's RH's private key. >> You should import your own key into MOK(Machine Owner Key) list and use >> your own private key to sign module. >> >> RH has a document on this: >> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/System_Administrators_Guide/sect-signing-kernel-modules-for-secure-boot.html >> >>> >>> Regards, >>> Chakradhar >>> >>> _______________________________________________ >>> Kernelnewbies mailing list >>> Kernelnewbies at kernelnewbies.org >>> http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies >>> > . > ^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2015-06-04 9:15 UTC | newest] Thread overview: 6+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2015-05-20 12:41 signing kernel modules on RHEL 7 Chakradhar thota 2015-05-20 13:04 ` Saumendra Dash 2015-05-22 13:12 ` Jerry Snitselaar 2015-05-28 7:44 ` Li Wei 2015-05-28 9:08 ` Chakradhar thota 2015-06-04 9:15 ` Li Wei
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).