[PATCH 03/27] Enforce module signatures if the kernel is locked down
James Morris
jmorris at namei.org
Fri Mar 8 23:00:38 UTC 2019
On Wed, 6 Mar 2019, Matthew Garrett wrote:
> From: David Howells <dhowells at redhat.com>
>
> If the kernel is locked down, require that all modules have valid
> signatures that we can verify.
Perhaps note that this won't cover the case where folk are using DM-Verity
with a signed root hash for verifying kernel modules.
--
James Morris
<jmorris at namei.org>
More information about the Linux-security-module-archive
mailing list