kvm: module verification failed: signature and/or required key missing - tainting kernel


Problem description


I'm using Ubuntu 14.04 LTS and kernel version 3.13.11.4.
I'm trying to load patched KVM modules kvm and kvm-intel and I'm getting the following errors:

kvm: module verification failed: signature and/or required key missing - tainting kernel
and kvm: module has bad taint, not creating trace events.

The source used is the same source that created the image that I am currently running.
I've checked the symbols and made sure the error isn't caused by not including EXPORT_SYMBOL_GPL() in the patched files where I exported functions.

I've also seen some stuff about different kernel versions causing this error but I built the kernel that I'm booted in with the same source that I used to create the patched kvm modules.
Everything compiles without a warning. Any help is appreciated!

Solution

It seems like the vendor of your system has enabled kernel module signature verification on your kernel which means it won't load any module that the vendor hasn't signed. In other words, your patched module isn't signed (properly) and the kernel will refuse to load it.

This is supposed to prevent malware and rootkits from loading malicious kernel modules.

I suggest you contact your vendor. There may be an option somewhere on your platform to disable signature checking. Otherwise, your vendor may be able to sign the module for you. You might even have the key and the details of the signature verification algorithm and can sign it yourself.

Without knowing what platform you're running on, it's hard to give more specific suggestions.
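
To tell whether a rebuilt module such as kvm.ko carries an appended signature at all, the end of the file can be inspected. The following is an added example, not part of the original answer: it parses the Linux module signature trailer (the `~Module signature appended~` marker preceded by the 12-byte `struct module_signature`); the function names and the sample bytes are constructed for illustration.

```python
import struct

MAGIC = b"~Module signature appended~\n"  # marker the kernel looks for at the end of a .ko
TRAILER = struct.Struct(">BBBBB3xI")       # struct module_signature: 12 bytes, sig_len big-endian


def inspect_module_signature(data: bytes):
    """Return None if no signature is appended, else a dict of trailer fields.

    Raises ValueError if the marker is present but the trailer is inconsistent.
    """
    if not data.endswith(MAGIC):
        return None
    body = data[:-len(MAGIC)]
    if len(body) < TRAILER.size:
        raise ValueError("marker present but trailer truncated")
    algo, hash_id, id_type, signer_len, key_id_len, sig_len = TRAILER.unpack(
        body[-TRAILER.size:])
    appended = signer_len + key_id_len + sig_len
    if appended > len(body) - TRAILER.size:
        raise ValueError("trailer lengths exceed file size")
    return {
        "algo": algo, "hash": hash_id, "id_type": id_type,
        "signer_len": signer_len, "key_id_len": key_id_len, "sig_len": sig_len,
        # bytes of actual module content that the signature covers
        "module_len": len(body) - TRAILER.size - appended,
    }


def _constructed_sample(signed: bool) -> bytes:
    """Constructed test input, not a real module or a valid signature."""
    module = b"\x7fELF" + b"\x00" * 60
    if not signed:
        return module
    signer, key_id, sig = b"Example signer", b"\x01" * 20, b"\x02" * 256
    trailer = TRAILER.pack(1, 4, 1, len(signer), len(key_id), len(sig))
    return module + signer + key_id + sig + trailer + MAGIC


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, inspect_module_signature(fh.read()))
```

A result of None means the file has no appended signature. A populated result only shows that a signature is present; whether the running kernel holds a matching key is a separate check.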
