i2c_i801: module verification failed: signature and/or required key missing - tainting kernel

General support questions
Post Reply
archiedor
Posts: 3
Joined: 2019/09/23 10:20:47

i2c_i801: module verification failed: signature and/or required key missing - tainting kernel

Post by archiedor » 2019/09/23 10:34:22

How to build kernel module in centos 7.6 so that build module will be signed?

I have edited the i2c_i801 driver to add a functionalty to our battery driver, but i can't load it because of this issue " i2c_i801: module verification failed: signature and/or required key missing - tainting kernel".

Same code works in SLE 15.

User avatar
TrevorH
Forum Moderator
Posts: 26956
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: i2c_i801: module verification failed: signature and/or required key missing - tainting kernel

Post by TrevorH » 2019/09/23 14:06:04

You can't sign your module with the CentOS signing key as you don't have it and hopefully never will.

Are you sure you SuSE system is running in secure boot mode? CentOS can and will use SB mode if it's enabled.
CentOS 5 died in March 2017 - migrate NOW!
CentOS 6 goes EOL sooner rather than later, get upgrading!
Full time Geek, part time moderator. Use the FAQ Luke

chemal
Posts: 607
Joined: 2013/12/08 19:44:49

Re: i2c_i801: module verification failed: signature and/or required key missing - tainting kernel

Post by chemal » 2019/09/23 15:00:51

archiedor wrote:
2019/09/23 10:34:22
but i can't load it because of this issue " i2c_i801: module verification failed: signature and/or required key missing - tainting kernel".
Your module is loaded. Check with lsmod.

archiedor
Posts: 3
Joined: 2019/09/23 10:20:47

Re: i2c_i801: module verification failed: signature and/or required key missing - tainting kernel

Post by archiedor » 2019/09/24 01:20:02

@TrevorH - yes SLES 15 is running in secure boot mode.

@chemal - yes it is loaded but the functionality is missing. I really don't know if it is running.

chemal
Posts: 607
Joined: 2013/12/08 19:44:49

Re: i2c_i801: module verification failed: signature and/or required key missing - tainting kernel

Post by chemal » 2019/09/24 01:52:55

If the kernel says it has marked itself as tainted, it obviously has loaded the module.

I get this, too:

Code: Select all

[    1.496846] nvidia: loading out-of-tree module taints kernel.
[    1.497026] nvidia: module license 'NVIDIA' taints kernel.
[    1.547877] nvidia: module verification failed: signature and/or required key missing - tainting kernel
This doesn't restrict the kernel module in any way. The whole point of tainting the kernel is to turn down support requests.

My guess is that you simply got your modifications wrong.

Anyway, if you want to sign your module, here's how to do it:

https://access.redhat.com/documentation ... -boot.html

archiedor
Posts: 3
Joined: 2019/09/23 10:20:47

Re: i2c_i801: module verification failed: signature and/or required key missing - tainting kernel

Post by archiedor » 2019/09/24 06:58:49

thanks @chemal, finally solved it.
you correct there was some missing ids in the centos implementation compared to suse.

chemal wrote:
2019/09/24 01:52:55
If the kernel says it has marked itself as tainted, it obviously has loaded the module.

I get this, too:

Code: Select all

[    1.496846] nvidia: loading out-of-tree module taints kernel.
[    1.497026] nvidia: module license 'NVIDIA' taints kernel.
[    1.547877] nvidia: module verification failed: signature and/or required key missing - tainting kernel
This doesn't restrict the kernel module in any way. The whole point of tainting the kernel is to turn down support requests.

My guess is that you simply got your modifications wrong.

Anyway, if you want to sign your module, here's how to do it:

https://access.redhat.com/documentation ... -boot.html

Post Reply

Return to “CentOS 7 - General Support”