From d2d0d170018f82b7df924425c74f9dddf259096c Mon Sep 17 00:00:00 2001 From: Giuliano Procida Date: Wed, 11 Dec 2024 09:59:42 +0000 Subject: [PATCH] ANDROID: GKI: load vendor modules without tainting the kernel GKI repurposes module signing to distinguish GKI and vendor modules. It was unhelpful and sometimes confusing to taint the kernel when loading vendor modules. Bug: 232430739 Bug: 383260800 Change-Id: If05a9e7d8e28954eba0472149fe312045c9c4fad Signed-off-by: Giuliano Procida (cherry picked from commit 23313da5700f038f95a82a695392e5bb5b550ba6) --- kernel/module/main.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/kernel/module/main.c b/kernel/module/main.c index f5ea6d5f6cbf..fa2fb6c4e07f 100644 --- a/kernel/module/main.c +++ b/kernel/module/main.c @@ -2371,12 +2371,14 @@ static void module_augment_kernel_taints(struct module *mod, struct load_info *i } #ifdef CONFIG_MODULE_SIG mod->sig_ok = info->sig_ok; +#ifndef CONFIG_MODULE_SIG_PROTECT if (!mod->sig_ok) { pr_notice_once("%s: module verification failed: signature " "and/or required key missing - tainting " "kernel\n", mod->name); add_taint_module(mod, TAINT_UNSIGNED_MODULE, LOCKDEP_STILL_OK); } +#endif #else mod->sig_ok = 0; #endif