Lines Matching full:module

1 Kernel module signing facility
7 .. - Configuring module signing.
21 The kernel module signing facility cryptographically signs modules during
22 installation and then checks the signature upon loading the module.  This
24 or modules signed with an invalid key.  Module signing increases security by
25 making it harder to load a malicious module into the kernel.  The module
38 Configuring module signing
41 The module signing facility is enabled by going to the
42 :menuselection:`Enable Loadable Module Support` section of
45 	CONFIG_MODULE_SIG	"Module signature verification"
52      This specifies how the kernel should deal with a module that has a
53      signature for which the key is not known or a module that is unsigned.
64      Irrespective of the setting here, if the module has a signature block that
93      than being a module) so that modules signed with that algorithm can have
97  (4) :menuselection:`File name or PKCS#11 URI of module signing key`
121 Note that enabling module signing adds a dependency on the OpenSSL devel
196 Beyond the public key generated specifically for module signing, additional
220 To manually sign a module, use the scripts/sign-file tool available in
226 	4.  The kernel module to be signed
228 The following is an example to sign a kernel module::
231 		kernel-signkey.x509 module.ko
245 A signed module has a digital signature simply appended at the end.  The string
246 ``~Module signature appended~.`` at the end of the module's file confirms that a
251 attached.  Note the entire module is the signed payload, including any and all
268 If ``CONFIG_MODULE_SIG_FORCE`` is enabled or module.sig_enforce=1 is supplied on
271 unsigned.   Any module for which the kernel has a key, but which proves to have
274 Any module that has an unparsable signature will be rejected.
287 configurations, you must ensure that the module version information is
288 sufficient to prevent loading a module into a different kernel.  Either