Module verification failed: signature and/or required key missing - tainting kernel

NunoGouveia · October 21, 2019, 2:48pm

Hi,
I’m trying to install Asterisk from the scratch in a CentOS 8.

I installed followed all installation steps and in the end, when I try to start dahdi, I get the following:

Starting dahdi (via systemctl): Job for dahdi.service failed because the control process exited with error code.

# dmesg
[   30.811392] dahdi: loading out-of-tree module taints kernel.
[   30.811863] dahdi: module verification failed: signature and/or required key missing - tainting kernel

My system is:

# Asterisk 18 # dahdi 3.1.0
# uname -a
Linux localhost.localdomain 4.18.0-80.11.2.el8_0.x86_64 #1 SMP Tue Sep 24 11:32:19 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux

Any idea what this might be?

david551 · October 21, 2019, 2:58pm

That’s likely to be normal unless you obtained the compiled kernel module from your Linux distributor, or you signed it yourself, and have provided the relevant key.

NunoGouveia · October 21, 2019, 3:22pm

Thanks for the reply.
Do you know what I can do solve this?

david551 · October 21, 2019, 4:18pm

It’s going to be tainted because of not being in the official buld, even if you resolve the signing issue. In principle, you would need to generate your own signing key, make the corresponding certificate available to the kernel, and sign the module when you build it. However, I’ ve never done this, so there are probably some missing steps.

Alternatively, you can rebuild the kernel with modules signing checks disabled.

I imagine to avoid the out of tree warning, you would need get the Linux source code, merge dahdi into the source tree and adjust the makefiles, but, again, I’ve never done this, and even if you did it, the kernel would really be tainted, but you would have hidden the fact, so why bother.

system · November 20, 2019, 4:18pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.