From: "Thomas Weißschuh" <linux@weissschuh.net>
To: Nathan Chancellor <nathan@kernel.org>,
Arnd Bergmann <arnd@arndb.de>,
Luis Chamberlain <mcgrof@kernel.org>,
Petr Pavlu <petr.pavlu@suse.com>,
Sami Tolvanen <samitolvanen@google.com>,
Daniel Gomez <da.gomez@samsung.com>,
Paul Moore <paul@paul-moore.com>,
James Morris <jmorris@namei.org>,
"Serge E. Hallyn" <serge@hallyn.com>,
Jonathan Corbet <corbet@lwn.net>,
Madhavan Srinivasan <maddy@linux.ibm.com>,
Michael Ellerman <mpe@ellerman.id.au>,
Nicholas Piggin <npiggin@gmail.com>,
Naveen N Rao <naveen@kernel.org>,
Mimi Zohar <zohar@linux.ibm.com>,
Roberto Sassu <roberto.sassu@huawei.com>,
Dmitry Kasatkin <dmitry.kasatkin@gmail.com>,
Eric Snowberg <eric.snowberg@oracle.com>,
Nicolas Schier <nicolas.schier@linux.dev>,
Daniel Gomez <da.gomez@kernel.org>,
Aaron Tomlin <atomlin@atomlin.com>,
"Christophe Leroy (CS GROUP)" <chleroy@kernel.org>,
Nicolas Schier <nsc@kernel.org>,
Nicolas Bouchinet <nicolas.bouchinet@oss.cyber.gouv.fr>,
Xiu Jianfeng <xiujianfeng@huawei.com>,
Nicolas Schier <nsc@kernel.org>,
Christophe Leroy <chleroy@kernel.org>
Cc: "Fabian Grünbichler" <f.gruenbichler@proxmox.com>,
"Arnout Engelen" <arnout@bzzt.net>,
"Mattia Rizzolo" <mattia@mapreri.org>,
kpcyrd <kpcyrd@archlinux.org>,
"Christian Heusel" <christian@heusel.eu>,
"Câju Mihai-Drosi" <mcaju95@gmail.com>,
"Sebastian Andrzej Siewior" <bigeasy@linutronix.de>,
linux-kbuild@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-arch@vger.kernel.org, linux-modules@vger.kernel.org,
linux-security-module@vger.kernel.org, linux-doc@vger.kernel.org,
linuxppc-dev@lists.ozlabs.org, linux-integrity@vger.kernel.org,
"Thomas Weißschuh" <linux@weissschuh.net>
Subject: [PATCH v4 09/17] module: Make module loading policy usable without MODULE_SIG
Date: Tue, 13 Jan 2026 13:28:53 +0100 [thread overview]
Message-ID: <20260113-module-hashes-v4-9-0b932db9b56b@weissschuh.net> (raw)
In-Reply-To: <20260113-module-hashes-v4-0-0b932db9b56b@weissschuh.net>
The loading policy functionality will also be used by the hash-based
module validation. Split it out from CONFIG_MODULE_SIG so it is usable
by both.
Signed-off-by: Thomas Weißschuh <linux@weissschuh.net>
---
include/linux/module.h | 8 ++++----
kernel/module/Kconfig | 5 ++++-
kernel/module/main.c | 26 +++++++++++++++++++++++++-
kernel/module/signing.c | 21 ---------------------
4 files changed, 33 insertions(+), 27 deletions(-)
diff --git a/include/linux/module.h b/include/linux/module.h
index f288ca5cd95b..f9601cba47cd 100644
--- a/include/linux/module.h
+++ b/include/linux/module.h
@@ -444,7 +444,7 @@ struct module {
const u32 *gpl_crcs;
bool using_gplonly_symbols;
-#ifdef CONFIG_MODULE_SIG
+#ifdef CONFIG_MODULE_SIG_POLICY
/* Signature was verified. */
bool sig_ok;
#endif
@@ -916,7 +916,7 @@ static inline bool retpoline_module_ok(bool has_retpoline)
}
#endif
-#ifdef CONFIG_MODULE_SIG
+#ifdef CONFIG_MODULE_SIG_POLICY
bool is_module_sig_enforced(void);
void set_module_sig_enforced(void);
@@ -925,7 +925,7 @@ static inline bool module_sig_ok(struct module *module)
{
return module->sig_ok;
}
-#else /* !CONFIG_MODULE_SIG */
+#else /* !CONFIG_MODULE_SIG_POLICY */
static inline bool is_module_sig_enforced(void)
{
return false;
@@ -939,7 +939,7 @@ static inline bool module_sig_ok(struct module *module)
{
return true;
}
-#endif /* CONFIG_MODULE_SIG */
+#endif /* CONFIG_MODULE_SIG_POLICY */
#if defined(CONFIG_MODULES) && defined(CONFIG_KALLSYMS)
int module_kallsyms_on_each_symbol(const char *modname,
diff --git a/kernel/module/Kconfig b/kernel/module/Kconfig
index e8bb2c9d917e..db3b61fb3e73 100644
--- a/kernel/module/Kconfig
+++ b/kernel/module/Kconfig
@@ -270,9 +270,12 @@ config MODULE_SIG
debuginfo strip done by some packagers (such as rpmbuild) and
inclusion into an initramfs that wants the module size reduced.
+config MODULE_SIG_POLICY
+ def_bool MODULE_SIG
+
config MODULE_SIG_FORCE
bool "Require modules to be validly signed"
- depends on MODULE_SIG
+ depends on MODULE_SIG_POLICY
help
Reject unsigned modules or signed modules for which we don't have a
key. Without this, such modules will simply taint the kernel.
diff --git a/kernel/module/main.c b/kernel/module/main.c
index a88f95a13e06..4442397a9f92 100644
--- a/kernel/module/main.c
+++ b/kernel/module/main.c
@@ -2541,7 +2541,7 @@ static void module_augment_kernel_taints(struct module *mod, struct load_info *i
mod->name);
add_taint_module(mod, TAINT_TEST, LOCKDEP_STILL_OK);
}
-#ifdef CONFIG_MODULE_SIG
+#ifdef CONFIG_MODULE_SIG_POLICY
mod->sig_ok = info->sig_ok;
if (!mod->sig_ok) {
pr_notice_once("%s: module verification failed: signature "
@@ -3921,3 +3921,27 @@ static int module_debugfs_init(void)
}
module_init(module_debugfs_init);
#endif
+
+#ifdef CONFIG_MODULE_SIG_POLICY
+
+#undef MODULE_PARAM_PREFIX
+#define MODULE_PARAM_PREFIX "module."
+
+static bool sig_enforce = IS_ENABLED(CONFIG_MODULE_SIG_FORCE);
+module_param(sig_enforce, bool_enable_only, 0644);
+
+/*
+ * Export sig_enforce kernel cmdline parameter to allow other subsystems rely
+ * on that instead of directly to CONFIG_MODULE_SIG_FORCE config.
+ */
+bool is_module_sig_enforced(void)
+{
+ return sig_enforce;
+}
+EXPORT_SYMBOL(is_module_sig_enforced);
+
+void set_module_sig_enforced(void)
+{
+ sig_enforce = true;
+}
+#endif
diff --git a/kernel/module/signing.c b/kernel/module/signing.c
index 6d64c0d18d0a..66d90784de89 100644
--- a/kernel/module/signing.c
+++ b/kernel/module/signing.c
@@ -16,27 +16,6 @@
#include <uapi/linux/module.h>
#include "internal.h"
-#undef MODULE_PARAM_PREFIX
-#define MODULE_PARAM_PREFIX "module."
-
-static bool sig_enforce = IS_ENABLED(CONFIG_MODULE_SIG_FORCE);
-module_param(sig_enforce, bool_enable_only, 0644);
-
-/*
- * Export sig_enforce kernel cmdline parameter to allow other subsystems rely
- * on that instead of directly to CONFIG_MODULE_SIG_FORCE config.
- */
-bool is_module_sig_enforced(void)
-{
- return sig_enforce;
-}
-EXPORT_SYMBOL(is_module_sig_enforced);
-
-void set_module_sig_enforced(void)
-{
- sig_enforce = true;
-}
-
int module_sig_check(struct load_info *info, int flags)
{
int err;
--
2.52.0
next prev parent reply other threads:[~2026-01-13 12:39 UTC|newest]
Thread overview: 77+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-01-13 12:28 [PATCH v4 00/17] module: Introduce hash-based integrity checking Thomas Weißschuh
2026-01-13 12:28 ` [PATCH v4 01/17] module: Only declare set_module_sig_enforced when CONFIG_MODULE_SIG=y Thomas Weißschuh
2026-01-13 12:28 ` [PATCH v4 02/17] powerpc/ima: Drop unnecessary check for CONFIG_MODULE_SIG Thomas Weißschuh
2026-01-30 20:43 ` Aaron Tomlin
2026-02-06 8:25 ` Nicolas Schier
2026-03-10 21:11 ` Eric Biggers
2026-01-13 12:28 ` [PATCH v4 03/17] ima: efi: Drop unnecessary check for CONFIG_MODULE_SIG/CONFIG_KEXEC_SIG Thomas Weißschuh
2026-01-30 20:49 ` Aaron Tomlin
2026-02-06 8:25 ` Nicolas Schier
2026-03-10 21:11 ` Eric Biggers
2026-01-13 12:28 ` [PATCH v4 04/17] module: Make mod_verify_sig() static Thomas Weißschuh
2026-01-30 20:53 ` Aaron Tomlin
2026-02-06 8:25 ` Nicolas Schier
2026-03-10 21:12 ` Eric Biggers
2026-01-13 12:28 ` [PATCH v4 05/17] module: Switch load_info::len to size_t Thomas Weißschuh
2026-02-06 8:18 ` David Howells
2026-02-06 8:34 ` Thomas Weißschuh
2026-02-06 8:30 ` Nicolas Schier
2026-02-06 8:38 ` Thomas Weißschuh
2026-02-06 8:55 ` Nicolas Schier
2026-02-06 9:09 ` Christophe Leroy (CS GROUP)
2026-02-06 9:18 ` Thomas Weißschuh
2026-01-13 12:28 ` [PATCH v4 06/17] kbuild: add stamp file for vmlinux BTF data Thomas Weißschuh
2026-02-06 16:28 ` Nicolas Schier
2026-03-10 21:36 ` Eric Biggers
2026-03-11 12:58 ` Thomas Weißschuh
2026-01-13 12:28 ` [PATCH v4 07/17] kbuild: generate module BTF based on vmlinux.unstripped Thomas Weißschuh
2026-02-06 16:37 ` Nicolas Schier
2026-01-13 12:28 ` [PATCH v4 08/17] module: Deduplicate signature extraction Thomas Weißschuh
2026-01-27 15:20 ` Petr Pavlu
2026-02-03 12:41 ` Thomas Weißschuh
2026-01-13 12:28 ` Thomas Weißschuh [this message]
2026-03-10 22:01 ` [PATCH v4 09/17] module: Make module loading policy usable without MODULE_SIG Eric Biggers
2026-03-11 12:59 ` Thomas Weißschuh
2026-01-13 12:28 ` [PATCH v4 10/17] module: Move integrity checks into dedicated function Thomas Weißschuh
2026-02-13 15:09 ` Nicolas Schier
2026-03-10 22:06 ` Eric Biggers
2026-01-13 12:28 ` [PATCH v4 11/17] module: Move lockdown check into generic module loader Thomas Weißschuh
2026-02-13 15:14 ` Nicolas Schier
2026-01-13 12:28 ` [PATCH v4 12/17] module: Move signature splitting up Thomas Weißschuh
2026-01-29 14:41 ` Petr Pavlu
2026-02-03 12:42 ` Thomas Weißschuh
2026-01-13 12:28 ` [PATCH v4 13/17] module: Report signature type to users Thomas Weißschuh
2026-01-29 14:44 ` Petr Pavlu
2026-02-03 12:44 ` Thomas Weißschuh
2026-01-13 12:28 ` [PATCH v4 14/17] lockdown: Make the relationship to MODULE_SIG a dependency Thomas Weißschuh
2026-02-13 15:32 ` Nicolas Schier
2026-01-13 12:28 ` [PATCH v4 15/17] module: Introduce hash-based integrity checking Thomas Weißschuh
2026-01-13 14:56 ` Sebastian Andrzej Siewior
2026-01-30 17:06 ` Petr Pavlu
2026-02-03 12:55 ` Thomas Weißschuh
2026-02-06 17:12 ` Nicolas Schier
2026-02-19 14:27 ` Nicolas Schier
2026-02-03 12:19 ` Petr Pavlu
2026-02-03 12:59 ` Thomas Weißschuh
2026-03-11 1:18 ` Eric Biggers
2026-02-21 21:38 ` Nicolas Schier
2026-02-23 7:53 ` Thomas Weißschuh
2026-02-23 18:41 ` Nicolas Schier
2026-02-23 21:43 ` Thomas Weißschuh
2026-02-24 16:14 ` Nicolas Schier
2026-03-11 1:12 ` Eric Biggers
2026-03-11 8:50 ` Sebastian Andrzej Siewior
2026-03-11 13:19 ` Thomas Weißschuh
2026-03-11 21:14 ` Eric Biggers
2026-01-13 12:29 ` [PATCH v4 16/17] kbuild: move handling of module stripping to Makefile.lib Thomas Weißschuh
2026-01-13 12:29 ` [PATCH v4 17/17] kbuild: make CONFIG_MODULE_HASHES compatible with module stripping Thomas Weißschuh
2026-01-31 7:36 ` [PATCH v4 00/17] module: Introduce hash-based integrity checking Mihai-Drosi Câju
2026-02-01 16:22 ` Thomas Weißschuh
2026-02-01 17:09 ` David Howells
2026-02-01 20:12 ` Eric Biggers
2026-02-02 9:21 ` David Howells
2026-02-02 18:30 ` Eric Biggers
2026-02-02 18:38 ` David Howells
2026-02-02 18:47 ` Eric Biggers
2026-02-03 8:18 ` James Bottomley
2026-02-03 8:22 ` David Howells
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260113-module-hashes-v4-9-0b932db9b56b@weissschuh.net \
--to=linux@weissschuh.net \
--cc=arnd@arndb.de \
--cc=arnout@bzzt.net \
--cc=atomlin@atomlin.com \
--cc=bigeasy@linutronix.de \
--cc=chleroy@kernel.org \
--cc=christian@heusel.eu \
--cc=corbet@lwn.net \
--cc=da.gomez@kernel.org \
--cc=da.gomez@samsung.com \
--cc=dmitry.kasatkin@gmail.com \
--cc=eric.snowberg@oracle.com \
--cc=f.gruenbichler@proxmox.com \
--cc=jmorris@namei.org \
--cc=kpcyrd@archlinux.org \
--cc=linux-arch@vger.kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kbuild@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-modules@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=maddy@linux.ibm.com \
--cc=mattia@mapreri.org \
--cc=mcaju95@gmail.com \
--cc=mcgrof@kernel.org \
--cc=mpe@ellerman.id.au \
--cc=nathan@kernel.org \
--cc=naveen@kernel.org \
--cc=nicolas.bouchinet@oss.cyber.gouv.fr \
--cc=nicolas.schier@linux.dev \
--cc=npiggin@gmail.com \
--cc=nsc@kernel.org \
--cc=paul@paul-moore.com \
--cc=petr.pavlu@suse.com \
--cc=roberto.sassu@huawei.com \
--cc=samitolvanen@google.com \
--cc=serge@hallyn.com \
--cc=xiujianfeng@huawei.com \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox