veeam agent linux signature and/or required key missing

[VMbonn]

From /var/log/syslog on Ubuntu 14.04.5 LTS:

Code: Select all

Feb 23 11:34:59 nagios2 kernel: [3098640.578594] veeamsnap: module verification failed: signature and/or required key missing - tainting kernel

That's not the expected behavior of software, that handles all your sensitive data.

Greetings

Michael

[PTide]

Hi,

Your feedback is much appreciated, we will take a look into that issue.

Thank you

[PTide]

UPDATE:

Michael, does your machine support SecureBoot?

Thanks

[VMbonn]

The bare-metal Server is an IBM x3650 m2 build in 2009.

Greetings

Michael

[ManOrs]

Hello,

my machine shows the same warning
- fedora 25 laptop
- UEFI enabled
- secureboot disabled

[PTide]

Hi Manuel,

There are two options how you could make use of a signed module:

- compile a public key into the kernel so the module signed with a private key can be checked against it (requires kernel rebuild)
- enable secure boot so the module signed with a private key can be checked against a key held in the computer's NVRAM

@VMbonn,

IBM x3650 m2 build in 2009

veeamsnap module is distributed not as kernel object file but as a source code, therefore you have to sign the module by yourself, because signing a source code does not make sense. Moreover, since every kernel update requires the module to be rebuilt that means that the module signature has to be updated every time you upgrade the kernel.

Please don't hesitate to ask for directions, should you need any assistance with module signing.

Thank you