From 41f4441d9dc5777d4ea7424f8422164c548da091 Mon Sep 17 00:00:00 2001
From: Patrick Schleizer <adrelanos@riseup.net>
Date: Wed, 14 Aug 2019 07:01:47 +0000
Subject: [PATCH] readme

---
 README.md | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/README.md b/README.md
index f1dd05e..205844c 100644
--- a/README.md
+++ b/README.md
@@ -52,6 +52,11 @@ for DMA (Direct Memory Access) attacks.
 * The kernel now panics on oopses to prevent it from continuing running a
 flawed process.
 
+Requires every module to be signed before being loaded. Any module that is
+unsigned or signed with an invalid key cannot be loaded. This makes it harder
+to load a malicious module.
+/etc/default/grub.d/40_only_allow_signed_modules.cfg
+
 Uncommon network protocols are blacklisted:
 These are rarely used and may have unknown vulnerabilities.
 /etc/modprobe.d/uncommon-network-protocols.conf