security-misc/etc/default/grub.d/40_only_allow_signed_modules.cfg

mirror of https://github.com/Kicksecure/security-misc.git synced 2024-12-29 06:16:15 -05:00
# Requires every module to be signed before being loaded. Any module that is unsigned or signed with an invalid key cannot be loaded.
# This makes it harder to load a malicious module.
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX module.sig_enforce=1"
	`# Requires every module to be signed before being loaded. Any module that is unsigned or signed with an invalid key cannot be loaded.`
	`# This makes it harder to load a malicious module.`
	`GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX module.sig_enforce=1"`