Only load signed kernel modules by default

Registered by Kees Cook on 2009-04-28

To help protect against kernel-module-rootkits, it would be nice to take advantage of the existing signed kernel module infrastructure in the kernel and publish the Ubuntu kernel with signed modules and a kernel that by default only loaded signed modules. This needs to play nice with DKMS, etc.

Blueprint information

Status:
Not started
Approver:
Rick Clark
Priority:
Undefined
Drafter:
Kees Cook
Direction:
Needs approval
Assignee:
None
Definition:
Discussion
Series goal:
None
Implementation:
Informational Informational
Milestone target:
None

Related branches

Sprints

Whiteboard

I. Goals
  A. Provide source of "trusted" modules (to protect from rootkit-style modules)
  B. Provide mechanism to sign derivative, OEM, and personal modules while blocking unexpected modules
II. Current state
  A. Status of signed kernel modules patch
  B. Kernel keyring
III. Possible implementations?

What happens to OEM drivers? Ubuntu derivatives? --amitk

(?)

Work Items

This blueprint contains Public information 
Everyone can see this information.