Hi Anupam, Sorry, I am a little confused about your explanation. In my kernel, only CONFIG_MODULE_SIG is set to yes. But from the 2nd answer of this post (http://stackoverflow.com/questions/24975377/kvm-module-verification-failed-signature-and-or-required-key-missing-taintin), it says "no need to disable this option in kernel". So my question is this answer is wrong? If no disable "CONFIG_MODULE_SIG" in kernel, "module verification failed: signature and/or required key missing" always be printed? Thanks! Best Regards Nan Xiao On Mon, Nov 2, 2015 at 4:43 PM, Anupam Kapoor <anupam.kapoor@xxxxxxxxx> wrote: > >>>>>> [2015-11-02T12:59:30+0530]: "Nan Xiao" (nan-xiao): > ,----[ nan-xiao ] > | I don't disable CONFIG_MODULE_SIG configuration in kernel. Since from this > | post (http://stackoverflow.com/questions/24975377/kvm-module-verification-failed-signature-and-or-required-key-missing-taintin), > | the answer said only disable this option in module's Makefile is enough. > `---- > following config options are available (under 'enable loadable module support') > > CONFIG_MODULE_SIG : checks modules for valid signature on load. > > CONFIG_MODULE_SIG_FORCE : rejects unsigned modules or modules for which > key is not available. > > thus, if, this is set to 'n' then loading a module with bad signature, > would taint the kernel. however, if, this is set to 'y' then loading a > module with bad signature will be rejected. > > so, my guess is that in your case, this is most likely set to 'y'. > > -- > kind regards > anupam _______________________________________________ Kernelnewbies mailing list Kernelnewbies@xxxxxxxxxxxxxxxxx http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
