Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Module signing #28440

Closed
anon-lestat opened this issue Feb 3, 2021 · 2 comments
Closed

Module signing #28440

anon-lestat opened this issue Feb 3, 2021 · 2 comments

Comments

@anon-lestat
Copy link

anon-lestat commented Feb 3, 2021
edited

  • xuname:
    Void 5.4.94_1 x86_64-musl GenuineIntel uptodate rDFFF
  • package:
    linux5.4.94_1

Expected behavior

Enable enforced module signing and system boots without allowing unsigned modules.

Actual behavior

Linux doesnt start

Steps to reproduce the behavior

Make these changes in kernel config before compiling:
CONFIG_MODULE_SIG=y
CONFIG_MODULE_SIG_ALL=y
CONFIG_MODULE_SIG_SHA1=y
CONFIG_MODULE_SIG_HASH="sha1"
Compile, Package and install the kernel.

Add module.sig_enforce=1 to boot parameters,
Start the system.

The kernel config used: https://notabug.org/anonymous-lestat/Void-Hardened-Kernel/src/master/x86_64-dotconfig-custom
@anon-lestat
Copy link
Author

Kernel is tainted which means modules didnt get signed.

@ahesford
Copy link
Member

ahesford commented Feb 3, 2021

You are building a custom kernel, this is not a Void issue.

@ahesford ahesford closed this as completed Feb 3, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ahesford @anon-lestat