Zack’s Kernel News
Kernel News
Chronicler Zack Brown reports on the latest news, views, dilemmas, and developments within the Linux kernel community.
make MODSIG=1
Mimi Zohar introduced a patch to support ephemeral module signing. The idea is that if you use a private key to sign modules, the kernel can use a public key to ensure that it only loads modules signed by you. Anyone trying to crack into your system by loading a hostile module would find the way blocked.
The problem is that if they do get a certain level of access to your system, they might locate your private key, sign their hostile module with it, and thus crack deeper into your system anyway.
Buy this article as PDF
(incl. VAT)