Error while loading a signed kernel module : Request for unknown module key : err -11

Support for security such as Firewalls and securing linux
manisha.jnu08
Posts: 1
Joined: 2017/12/04 10:27:29

Error while loading a signed kernel module : Request for unknown module key : err -11

Postby manisha.jnu08 » 2017/12/04 10:48:33

Hi,

I have created a key pair and enrolled the public key using the mokutil

Code: Select all

 mokutil --import pubkey.der


I am using the key pair to sign a kernel module

Code: Select all

 scripts/sign-file sha512 private.key pubkey.der mymodule.ko


Now I am loading this signed kernel module using modprobe

Code: Select all

 modprobe mymodule


I am getting following error. Logs are captured from /var/log/messages

Code: Select all

Dec  5 01:17:28 localhost kernel: Request for unknown module key 'Example, Inc. Kernel signing key: 4efdd0b379fda0f5e0693cd39a773b20000f853b' err -11
Dec  5 01:17:28 localhost kernel: mymodule: loading out-of-tree module taints kernel.
Dec  5 01:17:28 localhost kernel: mymodule: module license 'unspecified' taints kernel.
Dec  5 01:17:28 localhost kernel: Disabling lock debugging due to kernel taint
Dec  5 01:17:28 localhost kernel: mymodule: module verification failed: signature and/or required key missing - tainting kernel
Dec  5 01:17:28 localhost kernel: Hello world 1.


I was expecting that the signed kernel module should be loaded without any error, as I have enrolled the public key to kernel.
Can anybody please explain the reason for this error and how to load the signed module with out any error?

Thanks.