Documentation/admin-guide/module-signing.rst

10 .. - Manually signing modules.
11 .. - Signed modules and stripping.
12 .. - Loading signed modules.
13 .. - Non-valid signatures and unsigned modules.
21 The kernel module signing facility cryptographically signs modules during
23 allows increased kernel security by disallowing the loading of unsigned modules
24 or modules signed with an invalid key.  Module signing increases security by
49  (1) :menuselection:`Require modules to be validly signed`
55      If this is off (ie. "permissive"), then modules for which the key is not
56      available and modules that are unsigned are permitted, but the kernel will
57      be marked as being tainted, and the concerned modules will be marked as
60      If this is on (ie. "restrictive"), only modules that have a valid
62      will be loaded.  All other modules will generate an error.
68  (2) :menuselection:`Automatically sign all modules`
71      If this is on then modules will be automatically signed during the
72      modules_install phase of a build.  If this is off, then the modules must
78  (3) :menuselection:`Which hash algorithm should modules be signed with?`
81      sign the modules with:
84 	``CONFIG_MODULE_SIG_SHA256``	:menuselection:`Sign modules with SHA-256`
85 	``CONFIG_MODULE_SIG_SHA384``	:menuselection:`Sign modules with SHA-384`
86 	``CONFIG_MODULE_SIG_SHA512``	:menuselection:`Sign modules with SHA-512`
87 	``CONFIG_MODULE_SIG_SHA3_256``	:menuselection:`Sign modules with SHA3-256`
88 	``CONFIG_MODULE_SIG_SHA3_384``	:menuselection:`Sign modules with SHA3-384`
89 	``CONFIG_MODULE_SIG_SHA3_512``	:menuselection:`Sign modules with SHA3-512`
93      than being a module) so that modules signed with that algorithm can have
102      and allow the kernel modules to be signed with a key of your choosing.
133 kernel so that it can be used to check the signatures as the modules are
217 Manually signing modules
242 Signed modules and stripping
249 Signed modules are BRITTLE as the signature is outside of the defined ELF
256 Loading signed modules
260 ``finit_module()``, exactly as for unsigned modules as no processing is
265 Non-valid signatures and unsigned modules
269 the kernel command line, the kernel will only load validly signed modules
270 for which it has a public key.   Otherwise, it will also load modules that are
281 Since the private key is used to sign modules, viruses and malware could use
282 the private key to sign modules and compromise the operating system.  The
286 If you use the same private key to sign modules for multiple kernel