How to enroll signed kernel module’s public key on Jetson AGX Orin

Jetson AGX / Tegra Linux Support:

I am attempting to install the Hilscher CIFX50E PCIe card in the Jetson AGX Orin Dev kit. After installing the driver for this card and configuring for the driver to be loaded as a kernel module on power up, dmesg reports the following:

[   11.794111] uio_netx: loading out-of-tree module taints kernel.
[   11.794156] uio_netx: module verification failed: signature and/or required key missing - tainting kernel

I followed the Ubuntu instructions for using shim / mokutil to properly sign the driver module and install the module’s public key. This appeared to be working until I restarted, but after multiple reboots I can confirm that the final step of MokManager coming up on startup never happens, and the warning message never goes away from dmesg.

I have already confirmed that secure boot is not enabled. However, the driver module doesn’t appear to function as a result.

What is the correct way on this specific system (I’m using 5.10.104-tegra) to properly enroll kernel module public keys? Alternatively, how can I make the tegra kernel ignore module verification entirely so that my driver can be fully functional?

Thank you,

hello james226,

this might be workaround by disable kernel config CONFIG_MODULE_SIG=n,
please have a try.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.