You are not logged in.

Pages: 1

#1 2023-08-02 03:41:41

ImmortAlex
Member
Registered: 2023-06-14
Posts: 41

Module taiting kernel, but loading

I have NCT6687D sensor chip on m/b.
Using module from AUR package for a long time, and since the beginning I need to enter 

sudo modprobe nct6687

after each boot to load this module.
Putting conf file to /etc/modules-load.d doesn't help either, and I guess because of

#dmesg | grep nct6687

[    2.290197] nct6687: loading out-of-tree module taints kernel.
[    2.290200] nct6687: module verification failed: signature and/or required key missing - tainting kernel

But after today's update (we got linux-6.4.7.arch1-2, systemd-254, and more) dmesg also shows

[    3.307496] nct6687: Found NCT6687D or compatible chip at 0x004e:0x0a20
[    3.309775] nct6687 nct6687.2592: NCT6687D EC firmware version 1.0 build 03/03/21

And module loads automagically!

What's happening?
Is something fixed in kernel? Or in systemd? Or something is actually broken, since module tainting kernel anyway and shouldn't be loaded? Do I need to report CVE? )))

Offline

#2 2023-08-02 03:59:53

Scimmia
Fellow
Registered: 2012-09-01
Posts: 13,030

Re: Module taiting kernel, but loading

Tainting the kernel has nothing to do with getting it to load. It should have always loaded automatically.

Offline

#3 2023-08-02 04:00:48

ectospasm
Member
Registered: 2015-08-28
Posts: 298

Re: Module taiting kernel, but loading

Tainting the kernel just means you have a binary, probably proprietary firmware blob, and when the module loads it the kernel is "tainted," meaning it's not 100 percent open source anymore.  This is quite common with a lot of firmware that's shipped in the firmware packages, and it's the price we pay to be able to use all the hardware Linux is now compatible with due to modules and firmware like this.

Offline

#4 2023-08-02 04:02:20

Scimmia
Fellow
Registered: 2012-09-01
Posts: 13,030

Re: Module taiting kernel, but loading

ectospasm wrote:

Tainting the kernel just means you have a binary, probably proprietary firmware blob, and when the module loads it the kernel is "tainted," meaning it's not 100 percent open source anymore.  This is quite common with a lot of firmware that's shipped in the firmware packages, and it's the price we pay to be able to use all the hardware Linux is now compatible with due to modules and firmware like this.

Completely untrue. Virtually every network adapter loads proprietary firmware blobs without taining the kernel. It's about the modules.

Offline

#5 2023-08-02 05:33:34

seth
Member
From: Don't DM me only for attention
Registered: 2012-09-03
Posts: 68,341

Re: Module taiting kernel, but loading

https://www.kernel.org/doc/html/latest/ … rnels.html

How to upload text · How to boot w/o GUI · Disable Windows Fast-Start! · Fix your xinitrc

Offline

#6 2023-08-02 05:44:51

ImmortAlex
Member
Registered: 2023-06-14
Posts: 41

Re: Module taiting kernel, but loading

It's not a proprietary blob in my case. Module is completely open-source and installed via dkms.
I thought that "module verification failed: signature and/or required key missing - tainting kernel" means that module is not loaded because it is not compiled in-tree.

Offline

#7 2023-08-02 05:46:56

seth
Member
From: Don't DM me only for attention
Registered: 2012-09-03
Posts: 68,341

Re: Module taiting kernel, but loading

Yes, ignore ectospam's comment.

Last edited by seth (2023-08-02 05:47:14)

How to upload text · How to boot w/o GUI · Disable Windows Fast-Start! · Fix your xinitrc

Offline

#8 2023-08-02 13:16:26

Scimmia
Fellow
Registered: 2012-09-01
Posts: 13,030

Re: Module taiting kernel, but loading

ImmortAlex wrote:

I thought that "module verification failed: signature and/or required key missing - tainting kernel" means that module is not loaded because it is not compiled in-tree.

No, it's a warning, nothing more. It doesn't stop it from loading.

Offline

#9 2023-08-02 21:56:27

ectospasm
Member
Registered: 2015-08-28
Posts: 298

Re: Module taiting kernel, but loading

I stand corrected, sorry about the confusion.

EDIT:  Note, you can determine exactly why the kernel was tainted by running kernel-chktaint, sh kernel-chktaint as your regular user.  It will tell you things like whether it's a proprietary module, out of tree module, etc.

I guess I always thought it was the firmware that tainted the kernel, since I knew a lot of hardware needed a proprietary firmware blob for quite some time.  Now, it'd be nice if kernel-chktaint could identify the module(s) that taint the kernel for the reasons specified.  That wouldn't make sense looking up the nonzero code in /proc/sys/kernel/tainted if you got the code from another system.  But that would likely require lsmod privileges.

I've been using Linux for over 25 years, and I always need to learn more about it.

Last edited by ectospasm (2023-08-02 22:19:40)

Offline

#10 2023-08-03 03:51:43

ImmortAlex
Member
Registered: 2023-06-14
Posts: 41

Re: Module taiting kernel, but loading

So, topic title became misleading smile
Still kinda interesting what was fixed in yesterday's update, so module starts loading at boot time as it should...

Offline

#11 2023-08-11 07:06:33

ImmortAlex
Member
Registered: 2023-06-14
Posts: 41

Re: Module taiting kernel, but loading

Ha! Module stops loading.

nct6687: EC base I/O port unconfigured

Seems like it's just loads too early sad

Offline

Pages: 1

Board footer

Powered by FluxBB