diff options
author | Rusty Russell <rusty@rustcorp.com.au> | 2012-09-26 10:09:40 +0100 |
---|---|---|
committer | Rusty Russell <rusty@rustcorp.com.au> | 2012-10-10 20:00:55 +1030 |
commit | 106a4ee258d14818467829bf0e12aeae14c16cd7 (patch) | |
tree | 4a5d002eceff4a028ebc8d88223b1ed735bee224 /kernel/Makefile | |
parent | c26fd69fa00916a31a47f5f096fd7be924106df8 (diff) |
module: signature checking hook
We do a very simple search for a particular string appended to the module
(which is cache-hot and about to be SHA'd anyway). There's both a config
option and a boot parameter which control whether we accept or fail with
unsigned modules and modules that are signed with an unknown key.
If module signing is enabled, the kernel will be tainted if a module is
loaded that is unsigned or has a signature for which we don't have the
key.
(Useful feedback and tweaks by David Howells <dhowells@redhat.com>)
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Diffstat (limited to 'kernel/Makefile')
-rw-r--r-- | kernel/Makefile | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/kernel/Makefile b/kernel/Makefile index c0cc67ad764..08ba8a6abd1 100644 --- a/kernel/Makefile +++ b/kernel/Makefile @@ -55,6 +55,7 @@ obj-$(CONFIG_DEBUG_SPINLOCK) += spinlock.o obj-$(CONFIG_PROVE_LOCKING) += spinlock.o obj-$(CONFIG_UID16) += uid16.o obj-$(CONFIG_MODULES) += module.o +obj-$(CONFIG_MODULE_SIG) += module_signing.o obj-$(CONFIG_KALLSYMS) += kallsyms.o obj-$(CONFIG_BSD_PROCESS_ACCT) += acct.o obj-$(CONFIG_KEXEC) += kexec.o |