That is a critical observation. Last time I had to root an Android device, it had pretty robust defenses like dm-verity and strict SELinux policies (correctly configured) and then everything collapsed because the system loaded an exfat kernel module from an unverified filesystem.
Permitting user-loaded kernel modules effectively invalidates all other security measures.
What would it be checking against? There's no central signing authority the way there is with Windows. (I mean I guess a distro could implement that but then how would I load my own custom modules?)
The kernel provides the option to embed a signing key for kernel modules at compile time. But (AFAIK) you'll need to compile your own kernel to go that route.
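An added example, not part of any comment in this thread: a shell check that classifies a kernel's module-signing posture from its build config, using the mainline Kconfig symbols `CONFIG_MODULES`, `CONFIG_MODULE_SIG`, `CONFIG_MODULE_SIG_FORCE` and `CONFIG_MODULE_SIG_KEY`. The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify module-signing posture from a kernel build config on stdin.
# Prints one of:
#   no-modules  CONFIG_MODULES is off; nothing can be loaded at runtime
#   enforced    CONFIG_MODULE_SIG_FORCE=y; modules without a valid signature are rejected
#   permissive  CONFIG_MODULE_SIG=y only; unsigned modules still load (and taint the
#               kernel) unless the kernel is booted with module.sig_enforce=1
#   unsigned    no signature checking is compiled in
module_sig_posture() {
    cfg=$(cat)
    # Match only exact "SYMBOL=y" lines, so "# SYMBOL is not set" never counts.
    has() { printf '%s\n' "$cfg" | grep -qx "$1=y"; }
    if ! has CONFIG_MODULES; then
        echo no-modules
    elif has CONFIG_MODULE_SIG_FORCE; then
        echo enforced
    elif has CONFIG_MODULE_SIG; then
        echo permissive
    else
        echo unsigned
    fi
}

# Print the signing key path or PKCS#11 URI that was set at compile time.
module_sig_key() {
    sed -n 's/^CONFIG_MODULE_SIG_KEY="\(.*\)"$/\1/p'
}

# Constructed sample config: signing compiled in, enforcement left off.
SAMPLE_CONFIG='CONFIG_MODULES=y
CONFIG_MODULE_SIG=y
# CONFIG_MODULE_SIG_FORCE is not set
CONFIG_MODULE_SIG_ALL=y
CONFIG_MODULE_SIG_KEY="certs/signing_key.pem"'

printf 'posture: %s\n' "$(printf '%s\n' "$SAMPLE_CONFIG" | module_sig_posture)"
printf 'key:     %s\n' "$(printf '%s\n' "$SAMPLE_CONFIG" | module_sig_key)"
```

On a real system, feed it the running kernel's config, for example `/boot/config-$(uname -r)`, or `zcat /proc/config.gz` where the kernel exposes it.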
iberator|1 month ago
fc417fc802|1 month ago
stackghost|1 month ago
surajrmal|1 month ago