[PATCH v2 0/4] modsign enhancement
From: Jia Zhang
Date: Wed Mar 07 2018 - 23:27:37 EST
This patch series allows to disable module validity enforcement
in runtime through /sys/kernel/security/modsign/enforce interface.
Assuming CONFIG_MODULE_SIG_FORCE=y, here are the instructions to
disable the validity enforcement.
# cat /sys/kernel/security/modsign/enforce
# echo -n 0 > data
# openssl smime -sign -nocerts -noattr -binary -in data \
-inkey <system_trusted_key> -signer <cert> -outform der \
-out /sys/kernel/security/modsign/enforce
Now enable enforcement again on demand.
# echo 1 > /sys/kernel/security/modsign/enforce
Changelog:
v2:
- Support to disable validity enforcement in runtime.