anthraxx / linux-hardened

Minimal supplement to upstream Kernel Self Protection Project changes. Features already provided by SELinux + Yama and archs other than multiarch arm64 / x86_64 aren't in scope. Only tags have stable history. Shared IRC channel with KSPP: irc.libera.chat #linux-hardening

Require kernel modules to be signed with a valid key #9

Closed madaidan closed 5 years ago

madaidan commented 5 years ago

This makes it harder to load a malicious kernel module by requiring modules to be signed with a valid key. Any module that is unsigned or signed with an invalid key won't be loaded.

https://www.kernel.org/doc/html/v5.2/admin-guide/module-signing.html

Bernhard40 commented 5 years ago

This will require all out-of-tree modules, like nvidia drivers or wireguard, to be signed with the same key which was used for building the kernel, which isn't feasible except for private use; therefore this option shouldn't be the default. I recommend using a boot param instead.

madaidan commented 5 years ago

I forgot about those. This isn't a good idea then. Thanks.
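
Added example, not part of the thread or of the linux-hardened project: a shell function that classifies which of the two approaches discussed above is in effect, the build-time default (`CONFIG_MODULE_SIG_FORCE`) or the boot parameter (`module.sig_enforce=1`, as described in the linked kernel documentation). The function name `sig_policy`, its result labels and the sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Classify how kernel module signature checking is configured.
# Inputs are passed as text so the logic runs on constructed samples; on a
# live system, pass the kernel build config and the contents of /proc/cmdline.

# sig_policy CONFIG_TEXT CMDLINE
#   prints: unsupported | permissive | enforced-boot | enforced-build
sig_policy() {
    config=$1
    cmdline=$2

    # Without CONFIG_MODULE_SIG the kernel performs no signature checks,
    # and the sig_enforce parameter has no effect.
    if ! printf '%s\n' "$config" | grep -qx 'CONFIG_MODULE_SIG=y'; then
        echo unsupported
        return 0
    fi

    # Enforcement compiled in as the default: what the issue proposed.
    if printf '%s\n' "$config" | grep -qx 'CONFIG_MODULE_SIG_FORCE=y'; then
        echo enforced-build
        return 0
    fi

    # Opt-in enforcement via boot parameter: what the reply recommends.
    # One argument per line, then match the bare flag or a true value
    # (the kernel treats '-' and '_' in parameter names as equivalent).
    if printf '%s\n' "$cmdline" | tr ' ' '\n' |
        grep -Eqx 'module\.sig[-_]enforce(=[1yY])?'; then
        echo enforced-boot
        return 0
    fi

    # Signatures are checked, but unsigned modules still load.
    echo permissive
}

# Constructed sample: signing support built in, enforcement not forced.
sample_config='CONFIG_MODULES=y
CONFIG_MODULE_SIG=y
# CONFIG_MODULE_SIG_FORCE is not set'

sig_policy "$sample_config" 'root=/dev/sda2 rw quiet module.sig_enforce=1'
```

On a running kernel built with `CONFIG_MODULE_SIG`, the effective state can also be read from `/sys/module/module/parameters/sig_enforce`.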