| 1 |
Rainer, |
| 2 |
|
| 3 |
the handbook still recommends to build sound modules (and many many others) as |
| 4 |
module, because it is easier than doing a static configuration. Now, you can |
| 5 |
ask, why someone wants to build it static into the kernel. The answer is: |
| 6 |
Security ! |
| 7 |
|
| 8 |
Maybe you know this wiki article: |
| 9 |
https://wiki.gentoo.org/wiki/Signed_kernel_module_support |
| 10 |
|
| 11 |
This is a pre-condition for enabling LOCKDOWN in the kernel ... OR ... you |
| 12 |
have NO modules support (=monolithic kernel) ! So, you have the choice which |
| 13 |
way you want to go. |
| 14 |
|
| 15 |
I am using a monolithic kernel also. Dont try to enable lockdown in your |
| 16 |
kernel if you use unsigned modules. ;-) I wrote a big warning in my wiki |
| 17 |
article: |
| 18 |
https://wiki.gentoo.org/wiki/User:Pietinger/Tutorials/ |
| 19 |
Kernel_Hardening_with_KSPP |
| 20 |
|
| 21 |
Regards, |
| 22 |
Peter |
| 23 |
|
| 24 |
Am Sonntag, 23. Oktober 2022, 16:19:49 CEST schrieb Dr Rainer Woitok: |
| 25 |
> Peter, |
| 26 |
> |
| 27 |
> On Sunday, 2022-10-23 12:45:42 +0200, you wrote: |
| 28 |
> > ... |
| 29 |
> > we have a wiki article for this: |
| 30 |
> > https://wiki.gentoo.org/wiki/Kernel_Modules#Going_completely_.22module-les |
| 31 |
> > s.22 |
| 32 |
> When I built my first Gentoo system in 2019, the Handbook instructed to |
| 33 |
> build anything sound related as modules, if I remember correctly. Is |
| 34 |
> this no longer true? |
| 35 |
> |
| 36 |
> Sincerely, |
| 37 |
> Rainer |
Archives