diff --git a/README.md b/README.md
index f1dd05e..205844c 100644
--- a/README.md
+++ b/README.md
@@ -52,6 +52,11 @@ for DMA (Direct Memory Access) attacks.
 * The kernel now panics on oopses to prevent it from continuing running a
 flawed process.
 
+Requires every module to be signed before being loaded. Any module that is
+unsigned or signed with an invalid key cannot be loaded. This makes it harder
+to load a malicious module.
+/etc/default/grub.d/40_only_allow_signed_modules.cfg
+
 Uncommon network protocols are blacklisted:
 These are rarely used and may have unknown vulnerabilities.
 /etc/modprobe.d/uncommon-network-protocols.conf