1 |
Rainer, |
2 |
|
3 |
the handbook still recommends to build sound modules (and many many others) as |
4 |
module, because it is easier than doing a static configuration. Now, you can |
5 |
ask, why someone wants to build it static into the kernel. The answer is: |
6 |
Security ! |
7 |
|
8 |
Maybe you know this wiki article: |
9 |
https://wiki.gentoo.org/wiki/Signed_kernel_module_support |
10 |
|
11 |
This is a pre-condition for enabling LOCKDOWN in the kernel ... OR ... you |
12 |
have NO modules support (=monolithic kernel) ! So, you have the choice which |
13 |
way you want to go. |
14 |
|
15 |
I am using a monolithic kernel also. Dont try to enable lockdown in your |
16 |
kernel if you use unsigned modules. ;-) I wrote a big warning in my wiki |
17 |
article: |
18 |
https://wiki.gentoo.org/wiki/User:Pietinger/Tutorials/ |
19 |
Kernel_Hardening_with_KSPP |
20 |
|
21 |
Regards, |
22 |
Peter |
23 |
|
24 |
Am Sonntag, 23. Oktober 2022, 16:19:49 CEST schrieb Dr Rainer Woitok: |
25 |
> Peter, |
26 |
> |
27 |
> On Sunday, 2022-10-23 12:45:42 +0200, you wrote: |
28 |
> > ... |
29 |
> > we have a wiki article for this: |
30 |
> > https://wiki.gentoo.org/wiki/Kernel_Modules#Going_completely_.22module-les |
31 |
> > s.22 |
32 |
> When I built my first Gentoo system in 2019, the Handbook instructed to |
33 |
> build anything sound related as modules, if I remember correctly. Is |
34 |
> this no longer true? |
35 |
> |
36 |
> Sincerely, |
37 |
> Rainer |