On 5/5/26 11:05 AM, Thomas Weißschuh wrote: > The module authentication functionality will also be used by the > hash-based module authentication. Split it out from CONFIG_MODULE_SIG > so it is usable by both. > > Signed-off-by: Thomas Weißschuh <[email protected]> > [...] > diff --git a/kernel/module/Kconfig b/kernel/module/Kconfig > index f535181e0d98..84297da666ff 100644 > --- a/kernel/module/Kconfig > +++ b/kernel/module/Kconfig > @@ -271,9 +271,12 @@ config MODULE_SIG > debuginfo strip done by some packagers (such as rpmbuild) and > inclusion into an initramfs that wants the module size reduced. > > +config MODULE_AUTH > + def_bool MODULE_SIG > + > config MODULE_SIG_FORCE > bool "Require modules to be validly signed" > - depends on MODULE_SIG > + depends on MODULE_AUTH > help > Reject unsigned modules or signed modules for which we don't have a > key. Without this, such modules will simply taint the kernel.
Should MODULE_SIG_FORCE be renamed to MODULE_AUTH_FORCE, along with renaming the sig_enforce functionality in kernel/module/auth.c to auth_enforce? -- Thanks, Petr
