On 2026-03-10 15:01:46-0700, Eric Biggers wrote: > On Tue, Jan 13, 2026 at 01:28:53PM +0100, Thomas Weißschuh wrote: > > The loading policy functionality will also be used by the hash-based > > module validation. Split it out from CONFIG_MODULE_SIG so it is usable > > by both. > > > > Signed-off-by: Thomas Weißschuh <[email protected]> > > --- > > include/linux/module.h | 8 ++++---- > > kernel/module/Kconfig | 5 ++++- > > kernel/module/main.c | 26 +++++++++++++++++++++++++- > > kernel/module/signing.c | 21 --------------------- > > 4 files changed, 33 insertions(+), 27 deletions(-) > > > > diff --git a/include/linux/module.h b/include/linux/module.h > > index f288ca5cd95b..f9601cba47cd 100644 > > --- a/include/linux/module.h > > +++ b/include/linux/module.h > > @@ -444,7 +444,7 @@ struct module { > > const u32 *gpl_crcs; > > bool using_gplonly_symbols; > > > > -#ifdef CONFIG_MODULE_SIG > > +#ifdef CONFIG_MODULE_SIG_POLICY > > /* Signature was verified. */ > > bool sig_ok; > > #endif > [...] > > +config MODULE_SIG_POLICY > > + def_bool MODULE_SIG > > Maybe MODULE_AUTH_POLICY? Hash-based module authentication does not use > signatures. > > This issue appears elsewhere in the code too. There are lots of places > that still refer to module signatures or "sigs", when really module > authentication is meant. > > I'm not sure how far you want to go with the renaming, but it's > something to think about. It's confusing to use the term "signature" to > mean something that is not a signature.
Ack. "authentication" is much better, I'll use that. Thomas
