Lines Matching full:module

1 Kernel module signing facility
7 .. - Configuring module signing.
21 The kernel module signing facility cryptographically signs modules during
22 installation and then checks the signature upon loading the module. This
24 or modules signed with an invalid key. Module signing increases security by
25 making it harder to load a malicious module into the kernel. The module
38 Configuring module signing
41 The module signing facility is enabled by going to the
42 :menuselection:`Enable Loadable Module Support` section of
45 CONFIG_MODULE_SIG "Module signature verification"
52 This specifies how the kernel should deal with a module that has a
53 signature for which the key is not known or a module that is unsigned.
64 Irrespective of the setting here, if the module has a signature block that
92 than being a module) so that modules signed with that algorithm can have
96 (4) :menuselection:`File name or PKCS#11 URI of module signing key`
120 Note that enabling module signing adds a dependency on the OpenSSL devel
191 Beyond the public key generated specifically for module signing, additional
215 To manually sign a module, use the scripts/sign-file tool available in
221 4. The kernel module to be signed
223 The following is an example to sign a kernel module::
226 kernel-signkey.x509 module.ko
240 A signed module has a digital signature simply appended at the end. The string
241 ``~Module signature appended~.`` at the end of the module's file confirms that a
246 attached. Note the entire module is the signed payload, including any and all
263 If ``CONFIG_MODULE_SIG_FORCE`` is enabled or module.sig_enforce=1 is supplied on
266 unsigned. Any module for which the kernel has a key, but which proves to have
269 Any module that has an unparseable signature will be rejected.
282 configurations, you must ensure that the module version information is
283 sufficient to prevent loading a module into a different kernel. Either