[elrepo-devel] How to avoid the "tainting kernel" message?
Akemi Yagi
toracat at elrepo.org
Wed Feb 17 13:08:13 EST 2016
On Wed, Feb 17, 2016 at 12:32 AM, Sang, Oliver <oliver.sang at intel.com>
wrote:
> Hello,
>
>
>
> I build local kmod for centos7.2. After installation, dmesg says -
>
> module verification failed: signature and/or required key missing -
> tainting kernel
>
>
>
> I checked several kmod packages from
> http://elrepo.org/linux/elrepo/el7/x86_64/RPMS/
>
> It seems the kmd within them are signed -
>
> >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
>
> The ELRepo Project (http://elrepo.org): ELRepo.org Secure Boot Key
>
> *&c[
>
> H#A,
>
> vrPR
>
> OCv+bU
>
> P#Rmwf
>
> )ZJ#U
>
> ~Module signature appended~
>
> <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
>
> But this key seems be for Secure Boot, so the kmd itself should still
> taint the kernel, am I right?
>
>
>
> Is there a way to avoid the dmesg complaint? Thanks
>
>
>
> BR
>
> Oliver
>
If your kmod taints the kernel, then there can be several possible causes.
The most likely reason is a license. If you use a non-GPL license, that
will taint the kernel. Please check your package with :
rpm -qip <your.rpm>
Another way to get more clue is to run this command:
grep "(" /proc/modules
It will show a letter that tells you the reason for the taint. For example,
on a system running ELRepo's Nvidia driver, I see:
nvidia 8356269 32 - Live 0x0000000000000000 (P)
The letter P indicates "a module with a non-GPL license has been loaded".
Akemi
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.elrepo.org/pipermail/elrepo-devel/attachments/20160217/c79d5792/attachment.html>
More information about the elrepo-devel
mailing list