mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-07-20 21:01:00 +07:00
Code Issues Packages Projects Releases Wiki Activity

readme

Browse Source
This commit is contained in:
Patrick Schleizer
2023-11-03 14:53:40 -04:00
parent 0242c04dc2
commit 978e3e4abd
1 changed files with 11 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
README.md
View File

@ -90,7 +90,17 @@ TLB invalidation so devices will never be able to access stale data contents.
* Distrust the 'randomly' generated CPU and bootloader seeds. * Distrust the 'randomly' generated CPU and bootloader seeds.
### Disables and blacklists kernel modules ### Kernel Modules
#### Kernel Module Signature Verification
Not yet due to issues:
https://forums.whonix.org/t/enforce-kernel-module-software-signature-verification-module-signing-disallow-kernel-module-loading-by-default/7880/64
See:
* `/etc/default/grub.d/40_only_allow_signed_modules.cfg`
#### Disables and blacklists kernel modules
Certain kernel modules are disabled and blacklisted by default to reduce attack surface via the Certain kernel modules are disabled and blacklisted by default to reduce attack surface via the
`/etc/modprobe.d/30_security-misc.conf` configuration file. `/etc/modprobe.d/30_security-misc.conf` configuration file.