Module verification failed: signature and/or required key missing - tainting kernel

I’m trying to install Asterisk from the scratch in a CentOS 8.

I installed followed all installation steps and in the end, when I try to start dahdi, I get the following:

Starting dahdi (via systemctl): Job for dahdi.service failed because the control process exited with error code.

# dmesg
[   30.811392] dahdi: loading out-of-tree module taints kernel.
[   30.811863] dahdi: module verification failed: signature and/or required key missing - tainting kernel

My system is:

# Asterisk 18 # dahdi 3.1.0
# uname -a
Linux localhost.localdomain 4.18.0-80.11.2.el8_0.x86_64 #1 SMP Tue Sep 24 11:32:19 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux

Any idea what this might be?

That’s likely to be normal unless you obtained the compiled kernel module from your Linux distributor, or you signed it yourself, and have provided the relevant key.

Thanks for the reply.
Do you know what I can do solve this?

It’s going to be tainted because of not being in the official buld, even if you resolve the signing issue. In principle, you would need to generate your own signing key, make the corresponding certificate available to the kernel, and sign the module when you build it. However, I’ ve never done this, so there are probably some missing steps.

Alternatively, you can rebuild the kernel with modules signing checks disabled.

I imagine to avoid the out of tree warning, you would need get the Linux source code, merge dahdi into the source tree and adjust the makefiles, but, again, I’ve never done this, and even if you did it, the kernel would really be tainted, but you would have hidden the fact, so why bother.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.