要关闭 CONFIG_MODULE_SIG,你需要在内核配置中将其设置为 n 或者注释掉。以下是具体步骤:
-
进入内核配置菜单:
使用命令make menuconfig进入内核配置菜单。 -
找到并禁用
CONFIG_MODULE_SIG:- 在菜单中,导航到 Enable loadable module support -> Module signature verification。
- 取消选中 Module signature verification,或者在
.config文件中手动将其设置为:# CONFIG_MODULE_SIG is not set
-
重新编译内核:
修改配置后,重新编译并安装内核以使更改生效。 -
注意依赖项:
如果其他选项依赖于CONFIG_MODULE_SIG,可能需要同时修改这些依赖项。例如,如果CONFIG_SECURITY_LOCKDOWN_LSM依赖于CONFIG_MODULE_SIG,你可能需要调整或禁用它。
通过这些步骤,你可以关闭内核模块签名验证功能。
Citations:
[1] https://xdaforums.com/t/i-cant-disable-kernel-modules-signature-config_module_sig-config_modversions-yconfig_module_sig-yconfig_module_sig_force-yconfig_module_sig_sha5.4631289/
[2] https://linuxsecurity.com/features/how-to-secure-the-linux-kernel
[3] https://www.kernel.org/doc/html/v4.15/admin-guide/module-signing.html
[4] https://stackoverflow.com/questions/29806414/how-to-disable-kernel-module-signing-in-linux
[5] https://blog.cloudflare.com/linux-kernel-hardening/
[6] https://wiki.gentoo.org/wiki/Signed_kernel_module_support
[7] https://kspp.github.io/Recommended_Settings.html
[8] https://unix.stackexchange.com/questions/505428/how-to-disable-kernel-module-installation-capability-in-unix-based-operating-sys
[9] https://forums.developer.nvidia.com/t/module-sign-key-ignore/301708
[10] https://forums.developer.nvidia.com/t/pcie-tegra194-module-verification-failed-signature-and-or-required-key-missing-tainting-kernel/311108
[11] https://docs.kernel.org/admin-guide/module-signing.html
[12] https://wiki.archlinux.org/title/Signed_kernel_modules
[13] https://blog.cloudflare.com/de-de/linux-kernel-hardening
[14] https://ima-doc.readthedocs.io/en/latest/ima-configuration.html
[15] https://askubuntu.com/questions/773734/how-to-install-module-ko-module-without-kernel-signature-or-kernel-rebuild-in-ub
[16] https://android.stackexchange.com/questions/207183/how-do-i-load-an-unsigned-kernel-module-to-my-signature-enforcing-kernel
[17] https://github.com/MotorolaMobilityLLC/kernel-msm/issues/182
[18] https://kernelnewbies.kernelnewbies.narkive.com/kKXLBu8C/how-to-disable-module-verification-failed-signature-and-or-required-key-missing-tainting-kernel
[19] https://forums.gentoo.org/viewtopic-t-1052534-start-0.html
[20] https://www.kernel.org/doc/html/v4.14/admin-guide/kernel-parameters.html
来自 Perplexity 的回答: pplx.ai/share
