From mboxrd@z Thu Jan  1 00:00:00 1970
From: anupam.kapoor@gmail.com (Anupam Kapoor)
Date: Mon, 02 Nov 2015 14:13:53 +0530
Subject: How to disable "module verification failed: signature and/or
	required key missing - tainting kernel" message?
In-Reply-To: <CA+MhoaMWLq=AnFpviTMO-_g-1yH2O2EWdOS9yNY9GWADTD1FbA@mail.gmail.com>
References: <CA+MhoaPufeaDH6zz1UaU42V8CTxfV3FO-hk2cOMqt5FkbrWinA@mail.gmail.com>
	<34180.1446448563@turing-police.cc.vt.edu>
	<CA+MhoaMWLq=AnFpviTMO-_g-1yH2O2EWdOS9yNY9GWADTD1FbA@mail.gmail.com>
Message-ID: <87h9l4rdti.fsf@fatcat.parallelwireless>
To: kernelnewbies@lists.kernelnewbies.org
List-Id: kernelnewbies.lists.kernelnewbies.org


>>>>> [2015-11-02T12:59:30+0530]: "Nan Xiao" (nan-xiao):
,----[ nan-xiao ]
| I don't disable CONFIG_MODULE_SIG configuration in kernel. Since from this
| post (http://stackoverflow.com/questions/24975377/kvm-module-verification-failed-signature-and-or-required-key-missing-taintin),
| the answer said only disable this option in module's Makefile is enough.
`----
following config options are available (under 'enable loadable module support')

CONFIG_MODULE_SIG : checks modules for valid signature on load.

CONFIG_MODULE_SIG_FORCE : rejects unsigned modules or modules for which
key is not available. 

thus, if, this is set to 'n' then loading a module with bad signature,
would taint the kernel. however, if, this is set to 'y' then loading a
module with bad signature will be rejected.

so, my guess is that in your case, this is most likely set to 'y'.

-- 
kind regards
anupam