CONFIG_MODULE_SIG_FORCE shouldn't be checked if CONFIG_MODULES is not set

a13xp0p0v / kernel-hardening-checker

A tool for checking the security hardening options of the Linux kernel

GNU General Public License v3.0

1.69k stars 156 forks source link

CONFIG_MODULE_SIG_FORCE shouldn't be checked if CONFIG_MODULES is not set #12

Closed hannob closed 5 years ago

hannob commented 5 years ago

I have a minimal kernel without modules for a server. I get a warning about CONFIG_MODULE_SIG_FORCE, which should not apply for a kernel without module support.

For several other module-related options the script behaves correctly (saying 'CONFIG_MODULES: OK ("is not set")' indicating this does not apply), but for CONFIG_MODULE_SIG_FORCE it does not do so.

Output is:

  CONFIG_MODULE_SIG_FORCE                |      y      |   kspp   |  self_protection   ||      FAIL: not found

a13xp0p0v commented 5 years ago

Fixed. Thank you @hannob.