Enable automatic signing of all modules
An XCCDF Rule
Description
Sign all modules during make modules_install. Without this option, modules must be signed
manually, using the scripts/sign-file tool.
The configuration that was used to build the kernel is available at /boot/config-*.
To check the configuration value for CONFIG_MODULE_SIG_ALL, run the following command:
grep CONFIG_MODULE_SIG_ALL /boot/config-*
For each kernel installed, a line with value "y" should be returned.
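The grep above also prints lines such as "# CONFIG_MODULE_SIG_ALL is not set", so a match alone is not a pass. The script below is an added example, not part of the rule content: it reports a per-file verdict and fails unless every config sets the option to y. The function names and the sample config files are constructed for illustration.

```shell
#!/bin/sh
# Added example: per-kernel check of CONFIG_MODULE_SIG_ALL.
# Function names and sample files are illustrative, not from the rule.

# module_sig_all_state FILE -> prints y, "not set", other, absent or unreadable
module_sig_all_state() {
    [ -r "$1" ] || { echo "unreadable"; return 0; }
    # Whole-line matches only: a commented-out option must not count as "y".
    if grep -qx 'CONFIG_MODULE_SIG_ALL=y' "$1"; then
        echo "y"
    elif grep -qx '# CONFIG_MODULE_SIG_ALL is not set' "$1"; then
        echo "not set"
    elif grep -q '^CONFIG_MODULE_SIG_ALL=' "$1"; then
        echo "other"
    else
        echo "absent"
    fi
}

# check_module_sig_all FILE... -> one verdict line per file; exit status 0
# only when every file sets the option to y.
check_module_sig_all() {
    sig_all_rc=0
    for sig_all_cfg in "$@"; do
        sig_all_state=$(module_sig_all_state "$sig_all_cfg")
        if [ "$sig_all_state" = "y" ]; then
            echo "PASS $sig_all_cfg"
        else
            echo "FAIL $sig_all_cfg ($sig_all_state)"
            sig_all_rc=1
        fi
    done
    return "$sig_all_rc"
}

# Constructed sample configs standing in for /boot/config-* files.
make_sample_configs() {
    mkdir -p "$1"
    printf 'CONFIG_MODULE_SIG=y\nCONFIG_MODULE_SIG_ALL=y\n' > "$1/config-good"
    printf 'CONFIG_MODULE_SIG=y\n# CONFIG_MODULE_SIG_ALL is not set\n' > "$1/config-unset"
}

# Demo on the constructed samples; on a real host run:
#   check_module_sig_all /boot/config-*
demo_dir=$(mktemp -d)
make_sample_configs "$demo_dir"
check_module_sig_all "$demo_dir"/config-* || echo "at least one kernel config fails the rule"
rm -rf "$demo_dir"
```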
Warning
There is no remediation for this besides re-compiling the kernel with the appropriate value for the config.
Rationale
This ensures the modules are signed during the install process.
- ID
- xccdf_org.ssgproject.content_rule_kernel_config_module_sig_all
- Severity
- Medium
- References
- Updated