Hello Arne,
having a look at https://git.ipfire.org/ every now and then, I just stumbled across commit 831ff05d898cbf3484922d33573ee067782eb663 ("kernel: enable and enforce signed kernel modules", see: https://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=831ff05d898cbf3484922d33... ).
In my opinion, this makes post-exploitation activities like installing kernel rootkits much harder, as most of them appear as kernel modules. We talked about this quite a while ago, and I did not expect this change to be made in IPFire 2.x anymore.
Anyway: Thank you very much for providing it. :-)
Since it already has been committed, adding a Reviewed-by tag does not make sense anymore, but it's the willingness that counts!
Thanks, and best regards, Peter Müller