• Rusty Russell's avatar
    module: signature checking hook · 106a4ee2
    Rusty Russell authored
    We do a very simple search for a particular string appended to the module
    (which is cache-hot and about to be SHA'd anyway).  There's both a config
    option and a boot parameter which control whether we accept or fail with
    unsigned modules and modules that are signed with an unknown key.
    
    If module signing is enabled, the kernel will be tainted if a module is
    loaded that is unsigned or has a signature for which we don't have the
    key.
    
    (Useful feedback and tweaks by David Howells <dhowells@redhat.com>)
    Signed-off-by: default avatarRusty Russell <rusty@rustcorp.com.au>
    Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
    Signed-off-by: default avatarRusty Russell <rusty@rustcorp.com.au>
    106a4ee2
kernel-parameters.txt 107 KB