Patrick Schleizer 2023-11-03 14:53:40 -04:00
parent 0242c04dc2
commit 978e3e4abd
No known key found for this signature in database
GPG Key ID: CB8D50BB77BB3C48

@ -90,7 +90,17 @@ TLB invalidation so devices will never be able to access stale data contents.
* Distrust the 'randomly' generated CPU and bootloader seeds.
### Disables and blacklists kernel modules
### Kernel Modules
#### Kernel Module Signature Verification
Not yet due to issues:
https://forums.whonix.org/t/enforce-kernel-module-software-signature-verification-module-signing-disallow-kernel-module-loading-by-default/7880/64
See:
* `/etc/default/grub.d/40_only_allow_signed_modules.cfg`
#### Disables and blacklists kernel modules
Certain kernel modules are disabled and blacklisted by default to reduce attack surface via the
`/etc/modprobe.d/30_security-misc.conf` configuration file.
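Review bot: Under "#### Kernel Module Signature Verification", the line "Not yet due to issues:" does not say what is not yet done, and the "See:" bullet then points at `/etc/default/grub.d/40_only_allow_signed_modules.cfg`, so a reader cannot tell whether that file is shipped but inert or whether enforcement is partly active. Suggest a full sentence stating the current state, for example that signature enforcement is not enabled by default and that the listed file is where the setting lives, followed by the forum link as the reason. The new "### Kernel Modules" parent heading with the blacklist section demoted to "####" reads fine; check that any table of contents or in-page anchors that referenced the old "### Disables and blacklists kernel modules" heading still resolve.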