From 978e3e4abd8f55a877dfe0d6e39b45ee9f58ba6d Mon Sep 17 00:00:00 2001 From: Patrick Schleizer Date: Fri, 3 Nov 2023 14:53:40 -0400 Subject: [PATCH] readme --- README.md | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 8ca39df..96cab41 100644 --- a/README.md +++ b/README.md @@ -90,7 +90,17 @@ TLB invalidation so devices will never be able to access stale data contents. * Distrust the 'randomly' generated CPU and bootloader seeds. -### Disables and blacklists kernel modules +### Kernel Modules +#### Kernel Module Signature Verification + +Not yet due to issues: +https://forums.whonix.org/t/enforce-kernel-module-software-signature-verification-module-signing-disallow-kernel-module-loading-by-default/7880/64 + +See: + +* `/etc/default/grub.d/40_only_allow_signed_modules.cfg` + +#### Disables and blacklists kernel modules Certain kernel modules are disabled and blacklisted by default to reduce attack surface via the `/etc/modprobe.d/30_security-misc.conf` configuration file.
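Review bot: In the new "Kernel Module Signature Verification" subsection, "Not yet due to issues:" is a fragment that never says what is "not yet". Suggest stating outright that module signature enforcement is not enabled by default, so that a reader skimming the README does not assume unsigned modules are already rejected. The "See:" pointer to `/etc/default/grub.d/40_only_allow_signed_modules.cfg` has the same gap: say whether that file currently takes effect or ships with the setting disabled, and what a user would change to opt in. The bare forum URL would read better as a labelled link with a one-line summary of the blocking issue, since the link target is post 64 of a long thread. Two smaller points: `### Kernel Modules` and `#### Kernel Module Signature Verification` appear to be added on consecutive lines with no blank line between them, and the commit subject "readme" does not describe the change.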