
When Secure Boot is enabled, system boot loaders, the Red Hat Enterprise Linux kernel, and all kernel modules must be cryptographically signed with a private key. This allows them to be authenticated with the corresponding public key. Module signing makes it harder to load a suspicious module into the kernel. The kernel itself performs the module signature verification.
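To make the module-signing step concrete, here is an added example (not code from the original page or from Red Hat) that checks whether a module image carries the appended signature trailer the Linux kernel looks for before it verifies a module. The trailer layout follows the kernel's `module_signature.h`; the function names and sample bytes are constructed for illustration, and the check is structural only: it does not validate the signature cryptographically.

```python
import struct

# Marker the kernel expects at the very end of a signed module file.
MAGIC = b"~Module signature appended~\n"
# struct module_signature: algo, hash, id_type, then signer_len + key_id_len
# + pad[3] (5 bytes that must be zero), then big-endian sig_len.
TRAILER = struct.Struct(">BBB5sI")
PKEY_ID_PKCS7 = 2  # the only id_type accepted for module signatures


def inspect_module(blob: bytes) -> dict:
    """Report whether blob ends in a well-formed signature trailer."""
    if not blob.endswith(MAGIC):
        return {"signed": False, "reason": "no signature marker"}
    body = blob[:-len(MAGIC)]
    if len(body) <= TRAILER.size:
        return {"signed": False, "reason": "truncated trailer"}
    algo, hash_, id_type, rest, sig_len = TRAILER.unpack(body[-TRAILER.size:])
    # A signature cannot be as long as everything that precedes the trailer.
    if sig_len >= len(body) - TRAILER.size:
        return {"signed": False, "reason": "signature length exceeds file"}
    if id_type != PKEY_ID_PKCS7:
        return {"signed": False, "reason": "not a PKCS#7 signature"}
    if algo or hash_ or any(rest):
        return {"signed": False, "reason": "reserved fields not zero"}
    code_len = len(body) - TRAILER.size - sig_len
    return {"signed": True, "sig_len": sig_len, "code_len": code_len}


def build_sample(code: bytes, sig: bytes, id_type: int = PKEY_ID_PKCS7,
                 claimed_len=None) -> bytes:
    """Assemble a constructed module image: code | signature | trailer | marker."""
    sig_len = len(sig) if claimed_len is None else claimed_len
    return code + sig + TRAILER.pack(0, 0, id_type, b"\0" * 5, sig_len) + MAGIC


# Constructed sample data: neither a real ELF module nor a real PKCS#7 blob.
SAMPLE_CODE = b"\x7fELF" + b"\x00" * 60
SAMPLE_SIG = b"\x30\x82" + b"\xaa" * 30

if __name__ == "__main__":
    print(inspect_module(build_sample(SAMPLE_CODE, SAMPLE_SIG)))
    print(inspect_module(SAMPLE_CODE))
```

A module that fails this structural check has no usable signature; one that passes still has to verify against a key the kernel trusts.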

Secure Boot is a protocol that enables a safe and trusted path during the Linux boot process. It is part of the Unified Extensible Firmware Interface (UEFI). It verifies that the code the firmware loads on a motherboard is the code that the user intends for the computer to load. In other words, it verifies that malicious code hasn't been inserted (by a rootkit or similar mechanism) in place of the kernel that the user has installed. The protocol defines a process that prevents the loading of unsigned drivers, boot loaders, or kernel modules (or those with unacceptable digital signatures).

