-
Task
-
Resolution: Not a Bug
-
Undefined
-
None
-
None
-
None
-
rhel-sst-kernel-ft
-
ssg_core_kernel
-
5
-
False
-
The FuSa and Automotive teams want to enable strict module loading in RHIVOS (rhel-9:9.4-automotive) but want to allow users to load self-built modules in the public repo (centos-stream-9:main-automotive).
This makes sense to me. We definitely want higher security in our RHIVOS product by restricting module loads, and at the same time we want public users to be able to easily debug their modules.
My plan is to use the rhel specfile variable, and just add some code to override the value of CONFIG_MODULE_SIG_FORCE to 'y' in RHIVOS, and keep it as 'is not set' in the public repo.