From: anupam.kapoor@gmail.com (Anupam Kapoor)
To: kernelnewbies@lists.kernelnewbies.org
Subject: How to disable "module verification failed: signature and/or required key missing - tainting kernel" message?
Date: Mon, 02 Nov 2015 14:59:13 +0530 [thread overview]
Message-ID: <87d1vsrbpy.fsf@fatcat.parallelwireless> (raw)
In-Reply-To: <CA+MhoaNY_nwvKT8d2WvQP1rMifbamHqyDqNwa-9Z5NSVTQifwA@mail.gmail.com>
>>>>> [2015-11-02T14:36:52+0530]: "Nan Xiao" (nan-xiao):
,----[ nan-xiao ]
| Sorry, I am a little confused about your explanation.
`----
ah sorry about that. i just re-read your original post, and realized
that you _are_ able to load the unsigned/badly-signed module. the only
point of concern is that you see a "taint" message. this is expected.
from Documentation/module-signing.txt
,----
| (1) "Require modules to be validly signed" (CONFIG_MODULE_SIG_FORCE)
|
| This specifies how the kernel should deal with a module that has a
| signature for which the key is not known or a module that is unsigned.
|
| If this is off (ie. "permissive"), then modules for which the key is not
| available and modules that are unsigned are permitted, but the kernel will
| be marked as being tainted, and the concerned modules will be marked as
| tainted, shown with the character 'E'.
|
| If this is on (ie. "restrictive"), only modules that have a valid
| signature that can be verified by a public key in the kernel's possession
| will be loaded. All other modules will generate an error.
|
| Irrespective of the setting here, if the module has a signature block that
| cannot be parsed, it will be rejected out of hand.
`----
if you don't want module signing at all, then set CONFIG_MODULE_SIG to
'n' and recompile your kernel. boot it, and then load modules without
signing....
--
kind regards
anupam
prev parent reply other threads:[~2015-11-02 9:29 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-11-02 5:57 How to disable "module verification failed: signature and/or required key missing - tainting kernel" message? Nan Xiao
2015-11-02 6:13 ` Anupam Kapoor
2015-11-02 7:16 ` Valdis.Kletnieks at vt.edu
2015-11-02 7:29 ` Nan Xiao
2015-11-02 8:43 ` Anupam Kapoor
2015-11-02 9:06 ` Nan Xiao
2015-11-02 9:29 ` Anupam Kapoor [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87d1vsrbpy.fsf@fatcat.parallelwireless \
--to=anupam.kapoor@gmail.com \
--cc=kernelnewbies@lists.kernelnewbies.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).