security-misc/etc/default/grub.d/40_only_allow_signed_modules.cfg

# Requires every module to be signed before being loaded. Any module that is unsigned or signed with an invalid key cannot be loaded.
# This makes it harder to load a malicious module.
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX module.sig_enforce=1"
Create 40_only_allow_signed_modules.cfg Require all loaded kernel modules to be signed with a valid key. 2019-08-13 09:33:07 -04:00			`# Requires every module to be signed before being loaded. Any module that is unsigned or signed with an invalid key cannot be loaded.`
			`# This makes it harder to load a malicious module.`
			`GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX module.sig_enforce=1"`