## Copyright (C) 2023 - 2024 ENCRYPTED SUPPORT LP ## See the file COPYING for copying conditions. ## This configuration file modifies the behavior of ## DKMS (Dynamic Kernel Module Support) and is sourced ## in by DKMS every time it is run. ## Source Tree Location (default: /usr/src) # source_tree="/usr/src" ## DKMS Tree Location (default: /var/lib/dkms) # dkms_tree="/var/lib/dkms" ## Install Tree Location (default: /lib/modules) # install_tree="/lib/modules" ## tmp Location (default: /tmp) # tmp_location="/tmp" ## verbosity setting (verbose will be active if you set it to a non-null value) # verbose="" ## symlink kernel modules (will be active if you set it to a non-null value) ## This creates symlinks from the install_tree into the dkms_tree instead of ## copying the modules. This preserves some space on the costs of being less ## safe. # symlink_modules="" ## Automatic installation and upgrade for all installed kernels (if set to a ## non-null value) # autoinstall_all_kernels="" ## Script to sign modules during build, script is called with kernel version ## and module name # sign_tool="/etc/dkms/sign_helper.sh" ### BEGIN modifications by package security-misc ### ## original: ## https://github.com/dell/dkms/blob/master/dkms_framework.conf ## DKMS feature request: ## add /etc/dkms/framework.conf.d configuration file drop-in folder ## https://github.com/dell/dkms/issues/116 ## Lower parallel compilation jobs to 1 if less than 2 GB RAM to avoid freezing ## of virtual machines. ## ## This does not necessarily belong into security-misc, however likely ## security-misc will need to modify /etc/dkms/framework.conf in the future to ## enable kernel module signing. See below. ## ## https://forums.whonix.org/t/linux-kernel-runtime-guard-lkrg-linux-kernel-runtime-integrity-checking-and-exploit-detection/8477/26 ENOUGH_RAM="1950" total_ram="$(free -m | sed -n -e '/^Mem:/s/^[^0-9]*\([0-9]*\) .*/\1/p')" if [ "$total_ram" -ge "$ENOUGH_RAM" ]; then true "INFO: Enough RAM available. Not lowering compilation cores." else true "INFO: Not enough RAM available. Lowering compilation cores to 1." parallel_jobs=1 fi ## https://forums.whonix.org/t/enforce-kernel-module-software-signature-verification-module-signing-disallow-kernel-module-loading-by-default/7880/58 ## https://github.com/dell/dkms/blob/master/sign_helper.sh #sign_tool="/etc/dkms/sign_helper.sh" ### END modifications by package security-misc ###