Only load signed kernel modules by default
Registered by
Kees Cook
To help protect against kernel-
Blueprint information
- Status:
- Not started
- Approver:
- Rick Clark
- Priority:
- Undefined
- Drafter:
- Kees Cook
- Direction:
- Needs approval
- Assignee:
- None
- Definition:
- Discussion
- Series goal:
- None
- Implementation:
- Informational
- Milestone target:
- None
- Started by
- Completed by
Whiteboard
I. Goals
A. Provide source of "trusted" modules (to protect from rootkit-style modules)
B. Provide mechanism to sign derivative, OEM, and personal modules while blocking unexpected modules
II. Current state
A. Status of signed kernel modules patch
B. Kernel keyring
III. Possible implementations?
What happens to OEM drivers? Ubuntu derivatives? --amitk
(?)