summaryrefslogtreecommitdiff
path: root/init
diff options
context:
space:
mode:
authorRusty Russell <rusty@rustcorp.com.au>2012-09-26 13:09:40 +0400
committerRusty Russell <rusty@rustcorp.com.au>2012-10-10 13:30:55 +0400
commit106a4ee258d14818467829bf0e12aeae14c16cd7 (patch)
tree4a5d002eceff4a028ebc8d88223b1ed735bee224 /init
parentc26fd69fa00916a31a47f5f096fd7be924106df8 (diff)
downloadlinux-106a4ee258d14818467829bf0e12aeae14c16cd7.tar.xz
module: signature checking hook
We do a very simple search for a particular string appended to the module (which is cache-hot and about to be SHA'd anyway). There's both a config option and a boot parameter which control whether we accept or fail with unsigned modules and modules that are signed with an unknown key. If module signing is enabled, the kernel will be tainted if a module is loaded that is unsigned or has a signature for which we don't have the key. (Useful feedback and tweaks by David Howells <dhowells@redhat.com>) Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Diffstat (limited to 'init')
-rw-r--r--init/Kconfig14
1 files changed, 14 insertions, 0 deletions
diff --git a/init/Kconfig b/init/Kconfig
index 66cc885abbc6..fa8ccad1ea43 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -1585,6 +1585,20 @@ config MODULE_SRCVERSION_ALL
the version). With this option, such a "srcversion" field
will be created for all modules. If unsure, say N.
+config MODULE_SIG
+ bool "Module signature verification"
+ depends on MODULES
+ help
+ Check modules for valid signatures upon load: the signature
+ is simply appended to the module. For more information see
+ Documentation/module-signing.txt.
+
+config MODULE_SIG_FORCE
+ bool "Require modules to be validly signed"
+ depends on MODULE_SIG
+ help
+ Reject unsigned modules or signed modules for which we don't have a
+ key. Without this, such modules will simply taint the kernel.
endif # MODULES
config INIT_ALL_POSSIBLE