How feasible would it be to digitally sign kernel modules? Using a trusted local private key, a module could be signed at compile time. The kernel could be patched to disallow any unsigned modules from loading. I have no idea if this is technically possible, but Knark seems to be a persistent weakness in security measures such as Tripwire.
-------------- Sjarn Valkhoff