[arch-general] SIgned Kernel Modules - new wiki page

Genes Lists lists at sapience.com
Fri Oct 11 19:32:19 UTC 2019

Since the kernel now separates verification of signed modules from the
enforcement policy whether to allow unverified modules to be loaded or
now I thought it's time to explore.  The enforcement policy can be
compiled in or turned on at run time via boot option to kernel.

I now have it working to sign all the in tree modules as well as the out
of tree modules.

In my case I'm signing virtualbox and wireguard.

In case it's helpful I created a wiki page outlining what I did to get
this working.

Hope it's useful.



More information about the arch-general mailing list