git.karo-electronics.de Git - karo-tx-linux.git/commit

author	Rusty Russell <rusty@rustcorp.com.au>
	Wed, 26 Sep 2012 09:09:40 +0000 (10:09 +0100)
committer	Rusty Russell <rusty@rustcorp.com.au>
	Mon, 8 Oct 2012 03:20:22 +0000 (13:50 +1030)
commit	a15e196c5543d1d2d7f0cd70e62351aeb1f8b871
tree	94dfb3dd8e459968539ee96b296fbbdf2cfc105f	tree \| snapshot
parent	c26fd69fa00916a31a47f5f096fd7be924106df8	commit \| diff

module: signature checking hook

We do a very simple search for a particular string appended to the module
(which is cache-hot and about to be SHA'd anyway). There's both a config
option and a boot parameter which control whether we accept or fail with
unsigned modules and modules that are signed with an unknown key.

If module signing is enabled, the kernel will be tainted if a module is
loaded that is unsigned or has a signature for which we don't have the
key.

(Useful feedback and tweaks by David Howells <dhowells@redhat.com>)

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>

Documentation/kernel-parameters.txt		diff \| blob \| history
include/linux/module.h		diff \| blob \| history
init/Kconfig		diff \| blob \| history
kernel/Makefile		diff \| blob \| history
kernel/module-internal.h	[new file with mode: 0644]	blob
kernel/module.c		diff \| blob \| history
kernel/module_signing.c	[new file with mode: 0644]	blob