module-signing.txt - OpenGrok cross reference for /linux-4.4.14/Documentation/module-signing.txt

Lines Matching refs:modules
11  - Manually signing modules.
12  - Signed modules and stripping.
13  - Loading signed modules.
14  - Non-valid signatures and unsigned modules.
22 The kernel module signing facility cryptographically signs modules during
24 allows increased kernel security by disallowing the loading of unsigned modules
25 or modules signed with an invalid key.  Module signing increases security by
49  (1) "Require modules to be validly signed" (CONFIG_MODULE_SIG_FORCE)
54      If this is off (ie. "permissive"), then modules for which the key is not
55      available and modules that are unsigned are permitted, but the kernel will
56      be marked as being tainted, and the concerned modules will be marked as
59      If this is on (ie. "restrictive"), only modules that have a valid
61      will be loaded.  All other modules will generate an error.
67  (2) "Automatically sign all modules" (CONFIG_MODULE_SIG_ALL)
69      If this is on then modules will be automatically signed during the
70      modules_install phase of a build.  If this is off, then the modules must
76  (3) "Which hash algorithm should modules be signed with?"
79      sign the modules with:
81 	CONFIG_MODULE_SIG_SHA1		"Sign modules with SHA-1"
82 	CONFIG_MODULE_SIG_SHA224	"Sign modules with SHA-224"
83 	CONFIG_MODULE_SIG_SHA256	"Sign modules with SHA-256"
84 	CONFIG_MODULE_SIG_SHA384	"Sign modules with SHA-384"
85 	CONFIG_MODULE_SIG_SHA512	"Sign modules with SHA-512"
88      than being a module) so that modules signed with that algorithm can have
96      and allow the kernel modules to be signed with a key of your choosing.
126 kernel so that it can be used to check the signatures as the modules are
238 Signed modules are BRITTLE as the signature is outside of the defined ELF
249 exactly as for unsigned modules as no processing is done in userspace.  The
258 the kernel command line, the kernel will only load validly signed modules
259 for which it has a public key.   Otherwise, it will also load modules that are
270 Since the private key is used to sign modules, viruses and malware could use
271 the private key to sign modules and compromise the operating system.  The