On 9/14/23 04:27, Alessandro Carminati (Red Hat) wrote: > Update kernel-parameters.txt to reflect new deferred signature > verification. > Enhances boot speed by allowing unsigned modules in initrd after > bootloader check. > > Signed-off-by: Alessandro Carminati (Red Hat) <alessandro.carminati@xxxxxxxxx> > --- > Documentation/admin-guide/kernel-parameters.txt | 9 +++++++++ > 1 file changed, 9 insertions(+) > > diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt > index 0c38a8af95ce..beec86f0dd05 100644 > --- a/Documentation/admin-guide/kernel-parameters.txt > +++ b/Documentation/admin-guide/kernel-parameters.txt > @@ -3410,6 +3410,15 @@ > Note that if CONFIG_MODULE_SIG_FORCE is set, that > is always true, so this option does nothing. > > + module_sig_check_wait= > + This parameter enables delayed activation of module > + signature checks, deferring the process until userspace > + triggers it. Once activated, this setting becomes > + permanent and cannot be reversed. This feature proves > + valuable for incorporating unsigned modules within > + initrd, especially after bootloader verification. > + By employing this option, boot times can be quicker. > + Please keep the entries here in alphabetical order. This new entry should be after module_blacklist, not before it. Thanks. > module_blacklist= [KNL] Do not load a comma-separated list of > modules. Useful for debugging problem modules. > -- ~Randy
