Navigation: Linux Kernel Driver DataBase - web LKDDB: Main index - M index

CONFIG_MODULE_SIG: Module signature verification

General informations

The Linux kernel configuration item CONFIG_MODULE_SIG has multiple definitions:

Module signature verification found in kernel/module/Kconfig

The configuration item CONFIG_MODULE_SIG:

Help text

Check modules for valid signatures upon load: the signature is simply appended to the module. For more information see Documentation/admin-guide/module-signing.rst.

Note that this option adds the OpenSSL development packages as a kernel build dependency so that the signing tool can use its crypto library.

You should enable this option if you wish to use either SECURITY_LOCKDOWN_LSM or lockdown functionality imposed via another LSM - otherwise unsigned modules will be loadable regardless of the lockdown policy.

!!!WARNING!!! If you enable this option, you MUST make sure that the module DOES NOT get stripped after being signed. This includes the debuginfo strip done by some packagers (such as rpmbuild) and inclusion into an initramfs that wants the module size reduced.

Module signature verification found in init/Kconfig

The configuration item CONFIG_MODULE_SIG:

Help text

Check modules for valid signatures upon load: the signature is simply appended to the module. For more information see Documentation/admin-guide/module-signing.rst.

Note that this option adds the OpenSSL development packages as a kernel build dependency so that the signing tool can use its crypto library.

You should enable this option if you wish to use either SECURITY_LOCKDOWN_LSM or lockdown functionality imposed via another LSM - otherwise unsigned modules will be loadable regardless of the lockdown policy.

!!!WARNING!!! If you enable this option, you MUST make sure that the module DOES NOT get stripped after being signed. This includes the debuginfo strip done by some packagers (such as rpmbuild) and inclusion into an initramfs that wants the module size reduced.

Hardware

LKDDb

Raw data from LKDDb:

Sources

This page is automaticly generated with free (libre, open) software lkddb(see lkddb-sources).

The data is retrived from:

Automatic links from Google (and ads)

Custom Search

Popular queries:

Navigation: Linux Kernel Driver DataBase - web LKDDB: main index - M index

Automatically generated (in year 2024). See also LKDDb sources on GitLab