2022-11-07 03:13:34 +03:00
|
|
|
From 202c591714b08df9b9e12e362a1b2b86692f021f Mon Sep 17 00:00:00 2001
|
2020-08-10 10:44:43 +03:00
|
|
|
From: Mikhail Novosyolov <m.novosyolov@rosalinux.ru>
|
|
|
|
|
Date: Mon, 10 Aug 2020 10:38:20 +0300
|
|
|
|
|
Subject: [PATCH] ROSA: ima: allow to off modules signature check dynamically
|
|
|
|
|
|
|
|
|
|
Allow module.sig_enforce=0 kernel cmdline, not only module.sig_enforce=1
|
2020-08-10 10:47:03 +03:00
|
|
|
It allows to keep CONFIG_MODULE_SIG_FORCE=y, but disable it when really needed
|
|
|
|
|
without recompiling the kernel (it may be impossible, e.g. in certified systems).
|
2020-08-10 10:44:43 +03:00
|
|
|
|
|
|
|
|
GRUB or another bootloader is password-protected when needed,
|
|
|
|
|
so I am not afraid much that someone will be able to turn it off when not needed.
|
|
|
|
|
|
|
|
|
|
ROSA-specific patch.
|
2020-08-20 09:40:21 +03:00
|
|
|
This violates requirements of "secure boot", but currently we do not have secure boot in ROSA.
|
2020-08-10 10:44:43 +03:00
|
|
|
|
|
|
|
|
Signed-off-by: Mikhail Novosyolov <m.novosyolov@rosalinux.ru>
|
|
|
|
|
---
|
2022-11-07 03:13:34 +03:00
|
|
|
kernel/module/signing.c | 2 +-
|
2020-08-10 10:44:43 +03:00
|
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
|
|
2022-11-07 03:13:34 +03:00
|
|
|
diff --git a/kernel/module/signing.c b/kernel/module/signing.c
|
|
|
|
|
index a2ff4242e623..c81ee6b6380e 100644
|
|
|
|
|
--- a/kernel/module/signing.c
|
|
|
|
|
+++ b/kernel/module/signing.c
|
|
|
|
|
@@ -20,7 +20,7 @@
|
|
|
|
|
#define MODULE_PARAM_PREFIX "module."
|
2020-08-10 10:44:43 +03:00
|
|
|
|
|
|
|
|
static bool sig_enforce = IS_ENABLED(CONFIG_MODULE_SIG_FORCE);
|
|
|
|
|
-module_param(sig_enforce, bool_enable_only, 0644);
|
|
|
|
|
+module_param(sig_enforce, bool, 0644);
|
|
|
|
|
|
2022-11-07 03:13:34 +03:00
|
|
|
/*
|
|
|
|
|
* Export sig_enforce kernel cmdline parameter to allow other subsystems rely
|
2020-08-10 10:44:43 +03:00
|
|
|
--
|
2022-11-07 03:13:34 +03:00
|
|
|
2.35.2
|
2020-08-10 10:44:43 +03:00
|
|
|
|
