veeam agent linux signature and/or required key missing

Backup agent for Linux servers and workstations on-premises or in the public cloud

veeam agent linux signature and/or required key missing

Veeam Logoby VMbonn » Thu Feb 23, 2017 12:19 pm

From /var/log/syslog on Ubuntu 14.04.5 LTS:

Code: Select all
Feb 23 11:34:59 nagios2 kernel: [3098640.578594] veeamsnap: module verification failed: signature and/or required key missing - tainting kernel

That's not the expected behavior of software, that handles all your sensitive data.

Greetings

Michael
VMbonn
Lurker
 
Posts: 2
Liked: never
Joined: Thu Feb 23, 2017 12:05 pm
Location: Bonn, Germany
Full Name: Michael S.

Re: veeam agent linux signature and/or required key missing

Veeam Logoby PTide » Thu Feb 23, 2017 10:01 pm

Hi,

Your feedback is much appreciated, we will take a look into that issue.

Thank you
PTide
Veeam Software
 
Posts: 3230
Liked: 269 times
Joined: Tue May 19, 2015 1:46 pm

Re: veeam agent linux signature and/or required key missing

Veeam Logoby PTide » Mon Feb 27, 2017 3:28 pm

UPDATE:

Michael, does your machine support SecureBoot?

Thanks
PTide
Veeam Software
 
Posts: 3230
Liked: 269 times
Joined: Tue May 19, 2015 1:46 pm

Re: veeam agent linux signature and/or required key missing

Veeam Logoby VMbonn » Mon Feb 27, 2017 6:21 pm

The bare-metal Server is an IBM x3650 m2 build in 2009.

Greetings

Michael
VMbonn
Lurker
 
Posts: 2
Liked: never
Joined: Thu Feb 23, 2017 12:05 pm
Location: Bonn, Germany
Full Name: Michael S.

Re: veeam agent linux signature and/or required key missing

Veeam Logoby ManOrs » Mon Feb 27, 2017 8:53 pm

Hello,

my machine shows the same warning
- fedora 25 laptop
- UEFI enabled
- secureboot disabled
ManOrs
Influencer
 
Posts: 12
Liked: 2 times
Joined: Tue Dec 20, 2016 6:39 am
Location: Italy
Full Name: Manuel Orsatti

Re: veeam agent linux signature and/or required key missing

Veeam Logoby PTide » Tue Feb 28, 2017 1:04 pm

Hi Manuel,

There are two options how you could make use of a signed module:

- compile a public key into the kernel so the module signed with a private key can be checked against it (requires kernel rebuild)
- enable secure boot so the module signed with a private key can be checked against a key held in the computer's NVRAM

@VMbonn,
IBM x3650 m2 build in 2009
veeamsnap module is distributed not as kernel object file but as a source code, therefore you have to sign the module by yourself, because signing a source code does not make sense. Moreover, since every kernel update requires the module to be rebuilt that means that the module signature has to be updated every time you upgrade the kernel.

Please don't hesitate to ask for directions, should you need any assistance with module signing.

Thank you
PTide
Veeam Software
 
Posts: 3230
Liked: 269 times
Joined: Tue May 19, 2015 1:46 pm


Return to Veeam Agent for Linux



Who is online

Users browsing this forum: No registered users and 1 guest