Re: [PATCH V2] Allow configuring whether unsigned modules taint the kernel
From: Matthew Garrett
Date: Tue Feb 27 2018 - 16:14:57 EST
On Tue, Feb 20, 2018 at 2:51 PM Matthew Garrett <mjg59@xxxxxxxxxx> wrote:
> Distributions build kernels that are intended to satisfy multiple
> use-cases. One is that kernels must be usable in scenarios where module
> signing is required (such as many Secure Boot policies) and scenarios
> where it isn't (such as booting the same kernel on a legacy BIOS
> system). This requires that CONFIG_MODULE_SIG be set, but this causes a
> change in behaviour for the legacy platform case - loading an unsigned
> module now taints the kernel. This is a change in behaviour, and may
> cause users to file bugs, increasing distribution support load.
Sorry, just realised I sent the wrong version of this - I'll resend.