Standalone backup agents for Linux, Mac, AIX & Solaris workloads on-premises or in the public cloud
Post Reply
VMbonn
Lurker
Posts: 2
Liked: never
Joined: Feb 23, 2017 12:05 pm
Full Name: Michael S.
Location: Bonn, Germany
Contact:

veeam agent linux signature and/or required key missing

Post by VMbonn »

From /var/log/syslog on Ubuntu 14.04.5 LTS:

Code: Select all

Feb 23 11:34:59 nagios2 kernel: [3098640.578594] veeamsnap: module verification failed: signature and/or required key missing - tainting kernel
That's not the expected behavior of software, that handles all your sensitive data.

Greetings

Michael
PTide
Product Manager
Posts: 6408
Liked: 724 times
Joined: May 19, 2015 1:46 pm
Contact:

Re: veeam agent linux signature and/or required key missing

Post by PTide »

Hi,

Your feedback is much appreciated, we will take a look into that issue.

Thank you
PTide
Product Manager
Posts: 6408
Liked: 724 times
Joined: May 19, 2015 1:46 pm
Contact:

Re: veeam agent linux signature and/or required key missing

Post by PTide »

UPDATE:

Michael, does your machine support SecureBoot?

Thanks
VMbonn
Lurker
Posts: 2
Liked: never
Joined: Feb 23, 2017 12:05 pm
Full Name: Michael S.
Location: Bonn, Germany
Contact:

Re: veeam agent linux signature and/or required key missing

Post by VMbonn »

The bare-metal Server is an IBM x3650 m2 build in 2009.

Greetings

Michael
ManOrs
Enthusiast
Posts: 30
Liked: 3 times
Joined: Dec 20, 2016 6:39 am
Full Name: Manuel Orsatti
Location: Italy
Contact:

Re: veeam agent linux signature and/or required key missing

Post by ManOrs »

Hello,

my machine shows the same warning
- fedora 25 laptop
- UEFI enabled
- secureboot disabled
PTide
Product Manager
Posts: 6408
Liked: 724 times
Joined: May 19, 2015 1:46 pm
Contact:

Re: veeam agent linux signature and/or required key missing

Post by PTide »

Hi Manuel,

There are two options how you could make use of a signed module:

- compile a public key into the kernel so the module signed with a private key can be checked against it (requires kernel rebuild)
- enable secure boot so the module signed with a private key can be checked against a key held in the computer's NVRAM

@VMbonn,
IBM x3650 m2 build in 2009
veeamsnap module is distributed not as kernel object file but as a source code, therefore you have to sign the module by yourself, because signing a source code does not make sense. Moreover, since every kernel update requires the module to be rebuilt that means that the module signature has to be updated every time you upgrade the kernel.

Please don't hesitate to ask for directions, should you need any assistance with module signing.

Thank you
Post Reply

Who is online

Users browsing this forum: cloggy and 16 guests