“The primary reason for the ‘Tainted:‘

  • string is to tell kernel debuggers if this is a clean kernel or if anything unusual has occurred.
  • Tainting is permanent: even if an offending module is unloaded, the tainted value remains to indicate that the kernel is not trustworthy.” (src)

this can be seen/happens when user installs docker.

https://docs.docker.com/storage/storagedriver/aufs-driver/

hostnamectl; # seen on
         Icon name: computer-vm
           Chassis: vm
    Virtualization: oracle
  Operating System: Debian GNU/Linux 10 (buster)
            Kernel: Linux 4.19.0-9-amd64
      Architecture: x86-64

# find the module that taints the kernel
dmesg | grep -i 'taint'
[   11.813287] aufs: loading out-of-tree module taints kernel.
[   11.814959] aufs: module verification failed: signature and/or required key missing - tainting kernel

modinfo aufs
filename:       /lib/modules/4.19.0-9-amd64/updates/dkms/aufs.ko
alias:          fs-aufs
version:        4.19.17+-20190211
description:    aufs -- Advanced multi layered unification filesystem
author:         Junjiro R. Okajima <aufs-users ÄT lists DOT sourceforge PUNKT net>
license:        GPL
srcversion:     8A12292F77F808E3E213B7B
depends:        
retpoline:      Y
name:           aufs
vermagic:       4.19.0-9-amd64 SMP mod_unload modversions 
parm:           brs:use /fs/aufs/si_*/brN (int)
parm:           allow_userns:allow unprivileged to mount under userns (bool)
admin