[elrepo] dm_mod: module verification failed: signature and/or required key missing - tainting kernel
Phil Perry
phil at elrepo.org
Sat Jan 15 07:28:21 EST 2022
On 14/01/2022 20:45, Orion Poplawski wrote:
> I'm seeing this message on an EL7 system running 5.4.171-1.el7.elrepo.x86_64:
>
> kernel: dm_mod: module verification failed: signature and/or required key
> missing - tainting kernel
>
> that's rather odd, isn't it?
>
> I didn't see it with 5.4.142-1.el7.elrepo.x86_64, started with
> 5.4.148-1.el7.elrepo.x86_64.
>
>
It's related to Secure Boot (SB).
Elrepo does not sign the kernel modules in kernel-lt and kernel-ml
kernels for Secure Boot. The kernel code performs checks when a module
is loaded to see if it is signed with a SB key, and whether SB is
enabled in the UEFI/BIOS. If SB is enabled, the kernel will enforce SB
policy and refuse to load the module.
The warning you see is the kernel checking if the module is signed and
letting you know it isn't. If you had SB enabled, you would not be able
to run the kernel.
I suspect a config change at some point in the past has caused the
observed change in behaviour, but it's informational only and shouldn't
cause any issues or concerns AFAIK.
More information about the elrepo
mailing list