[PATCH 03/27] Enforce module signatures if the kernel is locked down

James Morris jmorris at namei.org
Fri Mar 8 23:00:38 UTC 2019

On Wed, 6 Mar 2019, Matthew Garrett wrote:

> From: David Howells <dhowells at redhat.com>
> If the kernel is locked down, require that all modules have valid
> signatures that we can verify.

Perhaps note that this won't cover the case where folk are using DM-Verity 
with a signed root hash for verifying kernel modules.

James Morris
<jmorris at namei.org>

More information about the Linux-security-module-archive mailing list