I want to develop the peripheral driver. But I get the following error message.
example: module verification failed: signature and/or required key missing - tainting kern
Please help me to solve this.
EFI has Secure Boot mode. In that mode every kernel and kernel module has to be signed by one of the certificates that EFI has. That is, unverified content won’t load.
When Secure Boot is off, the kernel modules load whether they are signed or not. You just get that warning.
AlmaLinux kernel and modules are signed with a “good” key. (The chain leads to a Microsoft certificate.)
ELRepo kernel modules are signed with ELRepo’s own key and we can load their certificate to the EFI.
The dkms that (re)builds kernel modules in your machine (e.g. from NVidia’s RPM-packages) generates its own key and signs, and we can load that certificate to the EFI.
That is all I know about that subject.
1 Like
Inserting a custom, out-of-tree module is going to “taint” your kernel anyway (i.e. even if you were to set up module signing or disable verification), and tainting isn’t a problem unless you expect someone else to debug it for you. See Tainted kernels — The Linux Kernel documentation.