security-misc/etc/default/grub.d/40_only_allow_signed_modules.cfg

## Requires every module to be signed before being loaded.
## Any module that is unsigned or signed with an invalid key cannot be loaded.
## This makes it harder to load a malicious module.
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX module.sig_enforce=1"
Revert "allow loading unsigned modules due to issues" This reverts commit 661bcd8603425934188cf139f33e20675ff4b765. 2023-11-03 12:17:00 -04:00			`## Requires every module to be signed before being loaded.`
			`## Any module that is unsigned or signed with an invalid key cannot be loaded.`
			`## This makes it harder to load a malicious module.`
			`GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX module.sig_enforce=1"`