On Tue, Apr 28, 2020 at 02:00:08PM +0800, Tianjia Zhang wrote: > This option allows to disable modsign completely at the beginning, > and turn off by set the kernel cmdline `no_modsig_enforce` when > `CONFIG_MODULE_SIG_FORCE` is enabled. > > Yet another change allows to always show the current status of > modsign through `/sys/module/module/parameters/sig_enforce`. > > Signed-off-by: Jia Zhang <zhang.jia@xxxxxxxxxxxxxxxxx> > Signed-off-by: Tianjia Zhang <tianjia.zhang@xxxxxxxxxxxxxxxxx> > --- > > v3 change: > Beautify the document description according to the recommendation. > > v2 change: > document this new option. > > Documentation/admin-guide/kernel-parameters.txt | 6 ++++++ > kernel/module.c | 8 ++++++++ > 2 files changed, 14 insertions(+) > > diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt > index 7bc83f3d9bdf..b30f013fb8c5 100644 > --- a/Documentation/admin-guide/kernel-parameters.txt > +++ b/Documentation/admin-guide/kernel-parameters.txt > @@ -3190,6 +3190,12 @@ > noirqdebug [X86-32] Disables the code which attempts to detect and > disable unhandled interrupt sources. > > + no_modsig_enforce > + [KNL] When CONFIG_MODULE_SIG_FORCE is set, this option > + allows to disable modsign completely at the beginning. > + This means that modules without (valid) signatures will > + be loaded successfully. > + So now we have module.sig_enforce and this one? That feels really confusing, why can't you just use the existing option? And why would you want to allow the bootloader to override a kernel build option like this? That feels risky. thanks, greg k-h
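Review bot: The new no_modsig_enforce entry in Documentation/admin-guide/kernel-parameters.txt does not say how it relates to the existing module.sig_enforce parameter, and the phrase "allows to disable modsign completely at the beginning" leaves it unclear when the setting takes effect and whether it can be changed afterwards. Because the option lets the kernel command line override the build-time CONFIG_MODULE_SIG_FORCE, so that "modules without (valid) signatures will be loaded successfully", the entry should present that as a security trade-off, say which setting wins when both parameters are given, and point to /sys/module/module/parameters/sig_enforce (named in the commit message) as the place to read the resulting state. The wording also needs a grammar pass, for example "this option disables module signature enforcement" instead of "allows to disable modsign".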