diff options
author | Rusty Russell <rusty@rustcorp.com.au> | 2012-09-26 10:09:40 +0100 |
---|---|---|
committer | Rusty Russell <rusty@rustcorp.com.au> | 2012-10-10 20:00:55 +1030 |
commit | 106a4ee258d14818467829bf0e12aeae14c16cd7 (patch) | |
tree | 4a5d002eceff4a028ebc8d88223b1ed735bee224 /init | |
parent | c26fd69fa00916a31a47f5f096fd7be924106df8 (diff) |
module: signature checking hook
We do a very simple search for a particular string appended to the module
(which is cache-hot and about to be SHA'd anyway). There's both a config
option and a boot parameter which control whether we accept or fail with
unsigned modules and modules that are signed with an unknown key.
If module signing is enabled, the kernel will be tainted if a module is
loaded that is unsigned or has a signature for which we don't have the
key.
(Useful feedback and tweaks by David Howells <dhowells@redhat.com>)
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Diffstat (limited to 'init')
-rw-r--r-- | init/Kconfig | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/init/Kconfig b/init/Kconfig index 66cc885abbc6..fa8ccad1ea43 100644 --- a/init/Kconfig +++ b/init/Kconfig @@ -1585,6 +1585,20 @@ config MODULE_SRCVERSION_ALL the version). With this option, such a "srcversion" field will be created for all modules. If unsure, say N. +config MODULE_SIG + bool "Module signature verification" + depends on MODULES + help + Check modules for valid signatures upon load: the signature + is simply appended to the module. For more information see + Documentation/module-signing.txt. + +config MODULE_SIG_FORCE + bool "Require modules to be validly signed" + depends on MODULE_SIG + help + Reject unsigned modules or signed modules for which we don't have a + key. Without this, such modules will simply taint the kernel. endif # MODULES config INIT_ALL_POSSIBLE |