Enforce module signatures if the kernel is locked down
If the kernel is locked down, require that all modules have valid
signatures that we can verify or that IMA can validate the file.
Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: "Lee, Chun-Yi" <jlee@suse.com>
Reviewed-by: James Morris <james.l.morris@oracle.com>
[bwh: Adjust context to apply after commits
2c8fd268f418
"module: Do not access sig_enforce directly" and
5fdc7db6448a
"module: setup load info before module_sig_check()"]
Gbp-Pq: Topic features/all/lockdown
Gbp-Pq: Name 0004-Enforce-module-signatures-if-the-kernel-is-locked-do.patch
projects / linux.git / commit