On Fri, 8 Mar 2019, Matthew Garrett wrote: > On Fri, Mar 8, 2019 at 3:00 PM James Morris <jmor...@namei.org> wrote: > > > > On Wed, 6 Mar 2019, Matthew Garrett wrote: > > > > > From: David Howells <dhowe...@redhat.com> > > > > > > If the kernel is locked down, require that all modules have valid > > > signatures that we can verify. > > > > Perhaps note that this won't cover the case where folk are using DM-Verity > > with a signed root hash for verifying kernel modules. > > Mm. I can't see a terribly good way of doing this generically - > loadpin gives no indication to the module loading code that it comes > from a trusted source. Would making the lockdown/module signature > enforcement a separate config option be reasonable?
I was just suggest documenting this. -- James Morris <jmor...@namei.org>