Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.9 / 106a4ee258d14818467829bf0e12aeae14c16cd7
commit106a4ee258d14818467829bf0e12aeae14c16cd7[log] [tgz]
authorRusty Russell <rusty@rustcorp.com.au>Wed Sep 26 10:09:40 2012 +0100
committerRusty Russell <rusty@rustcorp.com.au>Wed Oct 10 20:00:55 2012 +1030
tree4a5d002eceff4a028ebc8d88223b1ed735bee224
parentc26fd69fa00916a31a47f5f096fd7be924106df8 [diff]
module: signature checking hook

We do a very simple search for a particular string appended to the module
(which is cache-hot and about to be SHA'd anyway).  There's both a config
option and a boot parameter which control whether we accept or fail with
unsigned modules and modules that are signed with an unknown key.

If module signing is enabled, the kernel will be tainted if a module is
loaded that is unsigned or has a signature for which we don't have the
key.

(Useful feedback and tweaks by David Howells <dhowells@redhat.com>)

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
7 files changed
tree: 4a5d002eceff4a028ebc8d88223b1ed735bee224
  1. arch/
  2. block/
  3. crypto/
  4. Documentation/
  5. drivers/
  6. firmware/
  7. fs/
  8. include/
  9. init/
  10. ipc/
  11. kernel/
  12. lib/
  13. mm/
  14. net/
  15. samples/
  16. scripts/
  17. security/
  18. sound/
  19. tools/
  20. usr/
  21. virt/
  22. .gitignore
  23. .mailmap
  24. COPYING
  25. CREDITS
  26. Kbuild
  27. Kconfig
  28. MAINTAINERS
  29. Makefile
  30. README
  31. REPORTING-BUGS