If a module signing key is used for multiple kernel builds, it is critical that the modules for each build can be distinguished. This series makes force-loading invalidate module signatures and documents the importance of module version info when reusing a key for multiple builds.
Ben.
Ben Hutchings (3):
module: Invalidate signatures on force-loaded modules
Documentation/module-signing.txt: Note need for version info if
reusing a key
module: Disable MODULE_FORCE_LOAD when MODULE_SIG_FORCE is enabled
Documentation/module-signing.txt | 6 ++++++
init/Kconfig | 1 +
kernel/module.c | 13 +++++++++----
3 files changed, 16 insertions(+), 4 deletions(-)
signature.asc
Description: Digital signature
