On Jul 6, 2022, at 15:47, Lester Petrie <lmpet...@bellsouth.net> wrote: > If I remember your original email, you have successfully created and > installed a key to sign the modules with (and maybe even signed the original > module). If you have kept the key, you will not have to generate and install > another one, but every time you install a new kernel, a new set of nvidia > modules will need to be created and then signed. When I install a new kernel, > the nvidia modules are created automatically, but after they are created, I > have to manually sign them. I hope this is relevant to your original question.
The kernel taint has nothing to do with signed kmods. The original question was about some messages in the kernel log which mention the kernel being tainted. This is because: 1.) an out of tree module was loaded 2.) the module is proprietary 3.) the Fedora kernel has kmod signing turned on and the nvidia module isn’t signed with the Fedora signature #1 is because it isn’t a kernel module that’s part of the Linux kernel. #2 is because the license in the code isn’t one of the open licenses permitted by the kernel. #3 is unrelated to secure boot directly, the Fedora kernel has module signing enabled and they’re signed by a private key when Fedora builds their kernels. Each of these taint the kernel, which will be noted in kernel backtraces and crash dumps. -- Jonathan Billings _______________________________________________ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
