# # Module signing # # Force every kernel module shipped with VyOS to be signed at # build time. CONFIG_SYSTEM_TRUSTED_KEYS is set at build time # from build-kernel.sh once it has assembled the trusted keys # bundle, so it is intentionally absent from this fragment. # CONFIG_MODULE_SIG_FORMAT=y CONFIG_MODULE_SIG=y CONFIG_MODULE_SIG_FORCE=y CONFIG_MODULE_SIG_ALL=y # CONFIG_MODULE_SIG_SHA1 is not set # CONFIG_MODULE_SIG_SHA256 is not set # CONFIG_MODULE_SIG_SHA384 is not set CONFIG_MODULE_SIG_SHA512=y CONFIG_MODULE_SIG_HASH="sha512" # # Certificates for signature checking # CONFIG_SYSTEM_TRUSTED_KEYRING=y CONFIG_MODULE_SIG_KEY="certs/signing_key.pem" CONFIG_MODULE_SIG_KEY_TYPE_RSA=y # CONFIG_MODULE_SIG_KEY_TYPE_ECDSA is not set