Re: nvidia kernel is tainted following updates

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Wed, Feb 26, 2020 at 5:03 PM Chris Murphy <lists@xxxxxxxxxxxxxxxxx>
wrote:

> User reports a kernel taint message following updating to kernel
> 5.5.5. Has anything changed in kernel 5.5 that explains this?
>
> This is the message they're seeing:
>
> https://ask.fedoraproject.org/t/kernel-tainted-after-running-updates/5487/4?u=chrismurphy


No, nothing has changed here, loading a proprietary module has marked the
kernel as tainted for a very long time.  If you went back to 2.6 kernels,
you would see a similar message about the kernel being tainted. The message
has expanded a bit over the years as we check for things like module
signatures, etc, but the end result is the same the taint flag is P for
proprietary module.

https://www.kernel.org/doc/html/latest/admin-guide/tainted-kernels.html


>
> My understanding of these messages is:
> 1. the proprietary nvidia driver is being loaded and used
> 2. since the module is not signed, the kernel is tainted
>

Actually, the kernel would be tainted with the same flag whether the module
was signed or not.


>
> But I'm not sure what else I can infer about kernel taint. Are all the
> other lockdowns still in place? Ideally the user would register a key
> using mokutil, and sign the module. But if they don't do that, they
> are still better off than if they disable UEFI Secure Boot to avoid
> getting the kernel taint message, correct?
>
> Unless the user has gone to the trouble of self signing a proprietary
module, and adding that key to the keyring, UEFI secure boot had to be
disabled to even load the module. Module signatures are used and checked
outside of secure boot as well.  Still, even if they do sign the module and
add that key to enable the module to work with secure boot, the kernel will
be tainted P.

Justin
_______________________________________________
kernel mailing list -- kernel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to kernel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/kernel@xxxxxxxxxxxxxxxxxxxxxxx
[Index of Archives]     [Fedora General Discussion]     [Older Fedora Users Archive]     [Fedora Advisory Board]     [Fedora Security]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [ATA RAID]     [Fedora Marketing]     [Fedora Mentors]     [Fedora Package Announce]     [Fedora Package Review]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Coolkey]     [Yum Users]     [Tux]     [Yosemite News]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [USB]     [Asterisk PBX]

  Powered by Linux