The kernel can be configured to verify the appended kernel module signature, the IMA signature stored as an xattr, both types of signatures, or none. On systems with secure boot enabled AND the IMA architecture specific policy enabled, this patch set requires the file to be signed. Both methods of loading kernel modules - init_module and finit_module syscalls - need to either verify the kernel module signature or prevent the kernel module from being loaded. "modprobe" first tries loading the kernel module via the finit_module syscall and falls back to the init_module syscall, making it difficult to test one syscall and then the other. Mimi Zohar (1): x86/ima: require signed kernel modules arch/x86/kernel/ima_arch.c | 9 ++++++++- include/linux/module.h | 7 ++++++- kernel/module.c | 15 +++++++++++---- security/integrity/ima/ima_main.c | 2 +- 4 files changed, 26 insertions(+), 7 deletions(-) -- 2.7.5
