On Wed, 2016-05-25 at 20:56 -0400, Stephen Powell wrote: > On Mon, May 23, 2016, at 22:16, Ben Hutchings wrote: > > On Mon, 2016-05-23 at 21:06 -0400, Stephen Powell wrote: > > > > > > The following message is received at boot time when booting the stock Debian kernel > > > version 4.5.3-2 on the s390x architecture: > > > > > > dasd_mod: module verification failed: signature and/or required key missing - tainting kernel > > > > This is expected until we sort out support for loading signed modules > > in unstable. > > > > I've done a little research on this. I haven't checked other architectures, > but the stock s390x kernel for 4.5.3-2 (and today I also tried 4.5.4-1) has > > CONFIG_MODULE_SIG=y > # CONFIG_MODULE_SIG_ALL is not set > > This seems to be the problem. But is exactly what's needed for official linux and linux-signed packages. [...] > I have been able to build a successful kernel using make-kpkg with both of the > above options not set, as well as with both of them set to y. But the > combination of options currently used in the stock kernel is problematic > for these tools. That's why the config files included in linux-source packages are now slightly different from those used in official packages. Ben. -- Ben Hutchings Usenet is essentially a HUGE group of people passing notes in class. - Rachel Kadel, `A Quick Guide to Newsgroup Etiquette'
Attachment:
signature.asc
Description: This is a digitally signed message part