<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On Wed, Feb 17, 2016 at 12:32 AM, Sang, Oliver <span dir="ltr"><<a href="mailto:oliver.sang@intel.com" target="_blank">oliver.sang@intel.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div link="blue" vlink="purple" lang="EN-US">
<div>
<p class="MsoNormal">Hello,<u></u><u></u></p>
<p class="MsoNormal"><u></u>Â <u></u></p>
<p class="MsoNormal">I build local kmod for centos7.2. After installation, dmesg says -<u></u><u></u></p>
<p class="MsoNormal">module verification failed: signature and/or required key missing - tainting kernel<u></u><u></u></p>
<p class="MsoNormal"><u></u>Â <u></u></p>
<p class="MsoNormal">I checked several kmod packages from <a href="http://elrepo.org/linux/elrepo/el7/x86_64/RPMS/" target="_blank">
http://elrepo.org/linux/elrepo/el7/x86_64/RPMS/</a><u></u><u></u></p>
<p class="MsoNormal">It seems the kmd within them are signed -<u></u><u></u></p>
<p class="MsoNormal">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>><u></u>Â <u></u></p>
<p class="MsoNormal">The ELRepo Project (<a href="http://elrepo.org" target="_blank">http://elrepo.org</a>): ELRepo.org Secure Boot Key<u></u><u></u></p>
<p class="MsoNormal">*&c[<u></u><u></u></p>
<p class="MsoNormal">H#A,<u></u><u></u></p>
<p class="MsoNormal">vrPR<u></u><u></u></p>
<p class="MsoNormal">OCv+bU<u></u><u></u></p>
<p class="MsoNormal">P#Rmwf<u></u><u></u></p>
<p class="MsoNormal">)ZJ#U<u></u><u></u></p>
<p class="MsoNormal">~Module signature appended~<u></u><u></u></p>
<p class="MsoNormal"><<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<u></u>Â <u></u></p>
<p class="MsoNormal">But this key seems be for Secure Boot, so the kmd itself should still taint the kernel, am I right?<u></u><u></u></p>
<p class="MsoNormal"><u></u>Â <u></u></p>
<p class="MsoNormal">Is there a way to avoid the dmesg complaint? Thanks<u></u><u></u></p>
<p class="MsoNormal"><u></u>Â <u></u></p>
<p class="MsoNormal">BR<span class=""><font color="#888888"><u></u><u></u></font></span></p><span class=""><font color="#888888">
<p class="MsoNormal">Oliver<u></u><u></u></p>
</font></span></div>
</div>
</blockquote></div><br></div><div class="gmail_extra">If your kmod taints the kernel, then there can be several possible causes. The most likely reason is a license. If you use a non-GPL license, that will taint the kernel. Please check your package with :<br><br>rpm -qip <your.rpm><br><br></div><div class="gmail_extra">Another way to get more clue is to run this command:<br><br>grep "(" /proc/modules<br><br></div><div class="gmail_extra">It will show a letter that tells you the reason for the taint. For example, on a system running ELRepo's Nvidia driver, I see:<br><br>nvidia 8356269 32 - Live 0x0000000000000000 (P)<br><br></div><div class="gmail_extra">The letter P indicates "a module with a non-GPL license has been loaded".<br><br></div><div class="gmail_extra">Akemi<br></div></div>