mirror of
https://github.com/Kicksecure/security-misc.git
synced 2024-10-01 08:25:45 -04:00
97054b2b10
due to issues https://forums.whonix.org/t/enforce-kernel-module-software-signature-verification-module-signing-disallow-kernel-module-loading-by-default/7880/63 https://github.com/dell/dkms/issues/359
9 lines
494 B
INI
9 lines
494 B
INI
## Requires every module to be signed before being loaded.
|
|
## Any module that is unsigned or signed with an invalid key cannot be loaded.
|
|
## This makes it harder to load a malicious module.
|
|
##
|
|
## Not enabled by default yet due to issues:
|
|
## https://forums.whonix.org/t/enforce-kernel-module-software-signature-verification-module-signing-disallow-kernel-module-loading-by-default/7880/61
|
|
## https://github.com/dell/dkms/issues/359
|
|
#GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX module.sig_enforce=1"
|