2021-04-29 11:08:30 -04:00
|
|
|
## This configuration file modifies the behavior of
|
|
|
|
## DKMS (Dynamic Kernel Module Support) and is sourced
|
|
|
|
## in by DKMS every time it is run.
|
|
|
|
|
|
|
|
## Source Tree Location (default: /usr/src)
|
|
|
|
# source_tree="/usr/src"
|
|
|
|
|
|
|
|
## DKMS Tree Location (default: /var/lib/dkms)
|
|
|
|
# dkms_tree="/var/lib/dkms"
|
|
|
|
|
|
|
|
## Install Tree Location (default: /lib/modules)
|
|
|
|
# install_tree="/lib/modules"
|
|
|
|
|
|
|
|
## tmp Location (default: /tmp)
|
|
|
|
# tmp_location="/tmp"
|
|
|
|
|
|
|
|
## verbosity setting (verbose will be active if you set it to a non-null value)
|
|
|
|
# verbose=""
|
|
|
|
|
|
|
|
## symlink kernel modules (will be active if you set it to a non-null value)
|
|
|
|
## This creates symlinks from the install_tree into the dkms_tree instead of
|
|
|
|
## copying the modules. This preserves some space on the costs of being less
|
|
|
|
## safe.
|
|
|
|
# symlink_modules=""
|
|
|
|
|
|
|
|
## Automatic installation and upgrade for all installed kernels (if set to a
|
|
|
|
## non-null value)
|
|
|
|
# autoinstall_all_kernels=""
|
|
|
|
|
|
|
|
## Script to sign modules during build, script is called with kernel version
|
|
|
|
## and module name
|
|
|
|
# sign_tool="/etc/dkms/sign_helper.sh"
|
2021-04-29 11:14:30 -04:00
|
|
|
|
|
|
|
### BEGIN modifications by package security-misc ###
|
|
|
|
|
|
|
|
## original:
|
|
|
|
## https://github.com/dell/dkms/blob/master/dkms_framework.conf
|
|
|
|
|
|
|
|
## DKMS feature request:
|
|
|
|
## add /etc/dkms/framework.conf.d configuration file drop-in folder
|
|
|
|
## https://github.com/dell/dkms/issues/116
|
|
|
|
|
|
|
|
## Lower parallel compilation jobs to 1 if less than 2 GB RAM to avoid freezing
|
|
|
|
## of virtual machines.
|
|
|
|
##
|
|
|
|
## This does not necessarily belong into security-misc, however likely
|
|
|
|
## security-misc will need to modify /etc/dkms/framework.conf in the future to
|
|
|
|
## enable kernel module signing. See below.
|
|
|
|
##
|
|
|
|
## https://forums.whonix.org/t/linux-kernel-runtime-guard-lkrg-linux-kernel-runtime-integrity-checking-and-exploit-detection/8477/26
|
|
|
|
ENOUGH_RAM="1950"
|
|
|
|
total_ram="$(free -m | sed -n -e '/^Mem:/s/^[^0-9]*\([0-9]*\) .*/\1/p')"
|
|
|
|
if [ "$total_ram" -ge "$ENOUGH_RAM" ]; then
|
|
|
|
true "INFO: Enough RAM available. Not lowering compilation cores."
|
|
|
|
else
|
|
|
|
true "INFO: Not enough RAM available. Lowering compilation cores to 1."
|
|
|
|
parallel_jobs=1
|
|
|
|
fi
|
|
|
|
|
|
|
|
## https://forums.whonix.org/t/enforce-kernel-module-software-signature-verification-module-signing-disallow-kernel-module-loading-by-default/7880/58
|
|
|
|
## https://github.com/dell/dkms/blob/master/sign_helper.sh
|
|
|
|
#sign_tool="/etc/dkms/sign_helper.sh"
|
|
|
|
|
|
|
|
### END modifications by package security-misc ###
|