From: "Alessandro Carminati (Red Hat)" <alessandro.carminati@gmail.com>
To: linux-modules@vger.kernel.org
Cc: linux-kernel@vger.kernel.org,
Luis Chamberlain <mcgrof@kernel.org>,
Jonathan Corbet <corbet@lwn.net>,
linux-doc@vger.kernel.org,
Alessandro Carminati <alessandro.carminati@gmail.com>
Subject: [RFC PATCH 2/2] docs: Update kernel-parameters.txt for signature verification enhancement
Date: Thu, 14 Sep 2023 11:27:39 +0000 [thread overview]
Message-ID: <20230914112739.112729-3-alessandro.carminati@gmail.com> (raw)
In-Reply-To: <20230914112739.112729-1-alessandro.carminati@gmail.com>
Update kernel-parameters.txt to reflect new deferred signature
verification.
Enhances boot speed by allowing unsigned modules in initrd after
bootloader check.
Signed-off-by: Alessandro Carminati (Red Hat) <alessandro.carminati@gmail.com>
---
Documentation/admin-guide/kernel-parameters.txt | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
index 0c38a8af95ce..beec86f0dd05 100644
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -3410,6 +3410,15 @@
Note that if CONFIG_MODULE_SIG_FORCE is set, that
is always true, so this option does nothing.
+ module_sig_check_wait=
+ This parameter enables delayed activation of module
+ signature checks, deferring the process until userspace
+ triggers it. Once activated, this setting becomes
+ permanent and cannot be reversed. This feature proves
+ valuable for incorporating unsigned modules within
+ initrd, especially after bootloader verification.
+ By employing this option, boot times can be quicker.
+
module_blacklist= [KNL] Do not load a comma-separated list of
modules. Useful for debugging problem modules.
--
2.34.1
next prev parent reply other threads:[~2023-09-14 11:28 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-09-14 11:27 [RFC PATCH 0/2] Enhancing Boot Speed and Security with Delayed Module Signature Verification Alessandro Carminati (Red Hat)
2023-09-14 11:27 ` [RFC PATCH 1/2] Modules: Introduce boot-time module signature flexibility Alessandro Carminati (Red Hat)
2023-11-16 17:35 ` Luis Chamberlain
2023-11-17 13:56 ` Alessandro Carminati
2023-11-17 18:33 ` Luis Chamberlain
2023-11-20 19:43 ` Luca Boccassi
2023-09-14 11:27 ` Alessandro Carminati (Red Hat) [this message]
2023-09-15 15:59 ` [RFC PATCH 2/2] docs: Update kernel-parameters.txt for signature verification enhancement Randy Dunlap
2023-11-08 15:33 ` Prarit Bhargava
2023-11-09 10:40 ` Alessandro Carminati
2023-11-08 15:32 ` [RFC PATCH 0/2] Enhancing Boot Speed and Security with Delayed Module Signature Verification Prarit Bhargava
2023-11-09 10:51 ` Alessandro Carminati
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230914112739.112729-3-alessandro.carminati@gmail.com \
--to=alessandro.carminati@gmail.com \
--cc=corbet@lwn.net \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-modules@vger.kernel.org \
--cc=mcgrof@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox