[linux.git] / kernel / module / Kconfig

# SPDX-License-Identifier: GPL-2.0-only
menuconfig MODULES
	bool "Enable loadable module support"
	modules
	help
	  Kernel modules are small pieces of compiled code which can
	  be inserted in the running kernel, rather than being
	  permanently built into the kernel.  You use the "modprobe"
	  tool to add (and sometimes remove) them.  If you say Y here,
	  many parts of the kernel can be built as modules (by
	  answering M instead of Y where indicated): this is most
	  useful for infrequently used options which are not required
	  for booting.  For more information, see the man pages for
	  modprobe, lsmod, modinfo, insmod and rmmod.

	  If you say Y here, you will need to run "make
	  modules_install" to put the modules under /lib/modules/
	  where modprobe can find them (you may need to be root to do
	  this).

	  If unsure, say Y.

if MODULES

config MODULE_FORCE_LOAD
	bool "Forced module loading"
	default n
	help
	  Allow loading of modules without version information (ie. modprobe
	  --force).  Forced module loading sets the 'F' (forced) taint flag and
	  is usually a really bad idea.

config MODULE_UNLOAD
	bool "Module unloading"
	help
	  Without this option you will not be able to unload any
	  modules (note that some modules may not be unloadable
	  anyway), which makes your kernel smaller, faster
	  and simpler.  If unsure, say Y.

config MODULE_FORCE_UNLOAD
	bool "Forced module unloading"
	depends on MODULE_UNLOAD
	help
	  This option allows you to force a module to unload, even if the
	  kernel believes it is unsafe: the kernel will remove the module
	  without waiting for anyone to stop using it (using the -f option to
	  rmmod).  This is mainly for kernel developers and desperate users.
	  If unsure, say N.

config MODULE_UNLOAD_TAINT_TRACKING
	bool "Tainted module unload tracking"
	depends on MODULE_UNLOAD
	default n
	help
	  This option allows you to maintain a record of each unloaded
	  module that tainted the kernel. In addition to displaying a
	  list of linked (or loaded) modules e.g. on detection of a bad
	  page (see bad_page()), the aforementioned details are also
	  shown. If unsure, say N.

config MODVERSIONS
	bool "Module versioning support"
	help
	  Usually, you have to use modules compiled with your kernel.
	  Saying Y here makes it sometimes possible to use modules
	  compiled for different kernels, by adding enough information
	  to the modules to (hopefully) spot any changes which would
	  make them incompatible with the kernel you are running.  If
	  unsure, say N.

config ASM_MODVERSIONS
	bool
	default HAVE_ASM_MODVERSIONS && MODVERSIONS
	help
	  This enables module versioning for exported symbols also from
	  assembly. This can be enabled only when the target architecture
	  supports it.

config MODULE_SRCVERSION_ALL
	bool "Source checksum for all modules"
	help
	  Modules which contain a MODULE_VERSION get an extra "srcversion"
	  field inserted into their modinfo section, which contains a
	  sum of the source files which made it.  This helps maintainers
	  see exactly which source was used to build a module (since
	  others sometimes change the module source without updating
	  the version).  With this option, such a "srcversion" field
	  will be created for all modules.  If unsure, say N.

config MODULE_SIG
	bool "Module signature verification"
	select MODULE_SIG_FORMAT
	help
	  Check modules for valid signatures upon load: the signature
	  is simply appended to the module. For more information see
	  <file:Documentation/admin-guide/module-signing.rst>.

	  Note that this option adds the OpenSSL development packages as a
	  kernel build dependency so that the signing tool can use its crypto
	  library.

	  You should enable this option if you wish to use either
	  CONFIG_SECURITY_LOCKDOWN_LSM or lockdown functionality imposed via
	  another LSM - otherwise unsigned modules will be loadable regardless
	  of the lockdown policy.

	  !!!WARNING!!!  If you enable this option, you MUST make sure that the
	  module DOES NOT get stripped after being signed.  This includes the
	  debuginfo strip done by some packagers (such as rpmbuild) and
	  inclusion into an initramfs that wants the module size reduced.

config MODULE_SIG_FORCE
	bool "Require modules to be validly signed"
	depends on MODULE_SIG
	help
	  Reject unsigned modules or signed modules for which we don't have a
	  key.  Without this, such modules will simply taint the kernel.

config MODULE_SIG_ALL
	bool "Automatically sign all modules"
	default y
	depends on MODULE_SIG || IMA_APPRAISE_MODSIG
	help
	  Sign all modules during make modules_install. Without this option,
	  modules must be signed manually, using the scripts/sign-file tool.

comment "Do not forget to sign required modules with scripts/sign-file"
	depends on MODULE_SIG_FORCE && !MODULE_SIG_ALL

choice
	prompt "Which hash algorithm should modules be signed with?"
	depends on MODULE_SIG || IMA_APPRAISE_MODSIG
	help
	  This determines which sort of hashing algorithm will be used during
	  signature generation.  This algorithm _must_ be built into the kernel
	  directly so that signature verification can take place.  It is not
	  possible to load a signed module containing the algorithm to check
	  the signature on that module.

config MODULE_SIG_SHA1
	bool "Sign modules with SHA-1"
	select CRYPTO_SHA1

config MODULE_SIG_SHA224
	bool "Sign modules with SHA-224"
	select CRYPTO_SHA256

config MODULE_SIG_SHA256
	bool "Sign modules with SHA-256"
	select CRYPTO_SHA256

config MODULE_SIG_SHA384
	bool "Sign modules with SHA-384"
	select CRYPTO_SHA512

config MODULE_SIG_SHA512
	bool "Sign modules with SHA-512"
	select CRYPTO_SHA512

endchoice

config MODULE_SIG_HASH
	string
	depends on MODULE_SIG || IMA_APPRAISE_MODSIG
	default "sha1" if MODULE_SIG_SHA1
	default "sha224" if MODULE_SIG_SHA224
	default "sha256" if MODULE_SIG_SHA256
	default "sha384" if MODULE_SIG_SHA384
	default "sha512" if MODULE_SIG_SHA512

choice
	prompt "Module compression mode"
	help
	  This option allows you to choose the algorithm which will be used to
	  compress modules when 'make modules_install' is run. (or, you can
	  choose to not compress modules at all.)

	  External modules will also be compressed in the same way during the
	  installation.

	  For modules inside an initrd or initramfs, it's more efficient to
	  compress the whole initrd or initramfs instead.

	  This is fully compatible with signed modules.

	  Please note that the tool used to load modules needs to support the
	  corresponding algorithm. module-init-tools MAY support gzip, and kmod
	  MAY support gzip, xz and zstd.

	  Your build system needs to provide the appropriate compression tool
	  to compress the modules.

	  If in doubt, select 'None'.

config MODULE_COMPRESS_NONE
	bool "None"
	help
	  Do not compress modules. The installed modules are suffixed
	  with .ko.

config MODULE_COMPRESS_GZIP
	bool "GZIP"
	help
	  Compress modules with GZIP. The installed modules are suffixed
	  with .ko.gz.

config MODULE_COMPRESS_XZ
	bool "XZ"
	help
	  Compress modules with XZ. The installed modules are suffixed
	  with .ko.xz.

config MODULE_COMPRESS_ZSTD
	bool "ZSTD"
	help
	  Compress modules with ZSTD. The installed modules are suffixed
	  with .ko.zst.

endchoice

config MODULE_DECOMPRESS
	bool "Support in-kernel module decompression"
	depends on MODULE_COMPRESS_GZIP || MODULE_COMPRESS_XZ
	select ZLIB_INFLATE if MODULE_COMPRESS_GZIP
	select XZ_DEC if MODULE_COMPRESS_XZ
	help

	  Support for decompressing kernel modules by the kernel itself
	  instead of relying on userspace to perform this task. Useful when
	  load pinning security policy is enabled.

	  If unsure, say N.

config MODULE_ALLOW_MISSING_NAMESPACE_IMPORTS
	bool "Allow loading of modules with missing namespace imports"
	help
	  Symbols exported with EXPORT_SYMBOL_NS*() are considered exported in
	  a namespace. A module that makes use of a symbol exported with such a
	  namespace is required to import the namespace via MODULE_IMPORT_NS().
	  There is no technical reason to enforce correct namespace imports,
	  but it creates consistency between symbols defining namespaces and
	  users importing namespaces they make use of. This option relaxes this
	  requirement and lifts the enforcement when loading a module.

	  If unsure, say N.

config MODPROBE_PATH
	string "Path to modprobe binary"
	default "/sbin/modprobe"
	help
	  When kernel code requests a module, it does so by calling
	  the "modprobe" userspace utility. This option allows you to
	  set the path where that binary is found. This can be changed
	  at runtime via the sysctl file
	  /proc/sys/kernel/modprobe. Setting this to the empty string
	  removes the kernel's ability to request modules (but
	  userspace can still load modules explicitly).

config TRIM_UNUSED_KSYMS
	bool "Trim unused exported kernel symbols" if EXPERT
	depends on !COMPILE_TEST
	help
	  The kernel and some modules make many symbols available for
	  other modules to use via EXPORT_SYMBOL() and variants. Depending
	  on the set of modules being selected in your kernel configuration,
	  many of those exported symbols might never be used.

	  This option allows for unused exported symbols to be dropped from
	  the build. In turn, this provides the compiler more opportunities
	  (especially when using LTO) for optimizing the code and reducing
	  binary size.  This might have some security advantages as well.

	  If unsure, or if you need to build out-of-tree modules, say N.

config UNUSED_KSYMS_WHITELIST
	string "Whitelist of symbols to keep in ksymtab"
	depends on TRIM_UNUSED_KSYMS
	help
	  By default, all unused exported symbols will be un-exported from the
	  build when TRIM_UNUSED_KSYMS is selected.

	  UNUSED_KSYMS_WHITELIST allows to whitelist symbols that must be kept
	  exported at all times, even in absence of in-tree users. The value to
	  set here is the path to a text file containing the list of symbols,
	  one per line. The path can be absolute, or relative to the kernel
	  source tree.

config MODULES_TREE_LOOKUP
	def_bool y
	depends on PERF_EVENTS || TRACING || CFI_CLANG

endif # MODULES
Commit	Line	Data
73b4fc92 CL	1	# SPDX-License-Identifier: GPL-2.0-only
	2	menuconfig MODULES
	3	bool "Enable loadable module support"
	4	modules
	5	help
	6	Kernel modules are small pieces of compiled code which can
	7	be inserted in the running kernel, rather than being
	8	permanently built into the kernel. You use the "modprobe"
	9	tool to add (and sometimes remove) them. If you say Y here,
	10	many parts of the kernel can be built as modules (by
	11	answering M instead of Y where indicated): this is most
	12	useful for infrequently used options which are not required
	13	for booting. For more information, see the man pages for
	14	modprobe, lsmod, modinfo, insmod and rmmod.
	15
	16	If you say Y here, you will need to run "make
	17	modules_install" to put the modules under /lib/modules/
	18	where modprobe can find them (you may need to be root to do
	19	this).
	20
	21	If unsure, say Y.
	22
	23	if MODULES
	24
	25	config MODULE_FORCE_LOAD
	26	bool "Forced module loading"
	27	default n
	28	help
	29	Allow loading of modules without version information (ie. modprobe
	30	--force). Forced module loading sets the 'F' (forced) taint flag and
	31	is usually a really bad idea.
	32
	33	config MODULE_UNLOAD
	34	bool "Module unloading"
	35	help
	36	Without this option you will not be able to unload any
	37	modules (note that some modules may not be unloadable
	38	anyway), which makes your kernel smaller, faster
	39	and simpler. If unsure, say Y.
	40
	41	config MODULE_FORCE_UNLOAD
	42	bool "Forced module unloading"
	43	depends on MODULE_UNLOAD
	44	help
	45	This option allows you to force a module to unload, even if the
	46	kernel believes it is unsafe: the kernel will remove the module
	47	without waiting for anyone to stop using it (using the -f option to
	48	rmmod). This is mainly for kernel developers and desperate users.
	49	If unsure, say N.
	50
	51	config MODULE_UNLOAD_TAINT_TRACKING
	52	bool "Tainted module unload tracking"
	53	depends on MODULE_UNLOAD
	54	default n
	55	help
	56	This option allows you to maintain a record of each unloaded
	57	module that tainted the kernel. In addition to displaying a
	58	list of linked (or loaded) modules e.g. on detection of a bad
	59	page (see bad_page()), the aforementioned details are also
	60	shown. If unsure, say N.
	61
	62	config MODVERSIONS
	63	bool "Module versioning support"
	64	help
65	Usually, you have to use modules compiled with your kernel.
66	Saying Y here makes it sometimes possible to use modules
67	compiled for different kernels, by adding enough information
68	to the modules to (hopefully) spot any changes which would
69	make them incompatible with the kernel you are running. If
70	unsure, say N.
71
72	config ASM_MODVERSIONS
73	bool
74	default HAVE_ASM_MODVERSIONS && MODVERSIONS
75	help
76	This enables module versioning for exported symbols also from
77	assembly. This can be enabled only when the target architecture
78	supports it.
79
80	config MODULE_SRCVERSION_ALL
81	bool "Source checksum for all modules"
82	help
83	Modules which contain a MODULE_VERSION get an extra "srcversion"
84	field inserted into their modinfo section, which contains a
85	sum of the source files which made it. This helps maintainers
86	see exactly which source was used to build a module (since
87	others sometimes change the module source without updating
88	the version). With this option, such a "srcversion" field
89	will be created for all modules. If unsure, say N.
90
91	config MODULE_SIG
92	bool "Module signature verification"
93	select MODULE_SIG_FORMAT
94	help
95	Check modules for valid signatures upon load: the signature
96	is simply appended to the module. For more information see
97	<file:Documentation/admin-guide/module-signing.rst>.
98
99	Note that this option adds the OpenSSL development packages as a
100	kernel build dependency so that the signing tool can use its crypto
101	library.
102
103	You should enable this option if you wish to use either
104	CONFIG_SECURITY_LOCKDOWN_LSM or lockdown functionality imposed via
105	another LSM - otherwise unsigned modules will be loadable regardless
106	of the lockdown policy.
107
108	!!!WARNING!!! If you enable this option, you MUST make sure that the
109	module DOES NOT get stripped after being signed. This includes the
110	debuginfo strip done by some packagers (such as rpmbuild) and
111	inclusion into an initramfs that wants the module size reduced.
112
113	config MODULE_SIG_FORCE
114	bool "Require modules to be validly signed"
115	depends on MODULE_SIG
116	help
117	Reject unsigned modules or signed modules for which we don't have a
118	key. Without this, such modules will simply taint the kernel.
119
120	config MODULE_SIG_ALL
121	bool "Automatically sign all modules"
122	default y
123	depends on MODULE_SIG \|\| IMA_APPRAISE_MODSIG
124	help
125	Sign all modules during make modules_install. Without this option,
126	modules must be signed manually, using the scripts/sign-file tool.
127
128	comment "Do not forget to sign required modules with scripts/sign-file"
129	depends on MODULE_SIG_FORCE && !MODULE_SIG_ALL
130
131	choice
132	prompt "Which hash algorithm should modules be signed with?"
133	depends on MODULE_SIG \|\| IMA_APPRAISE_MODSIG
134	help
135	This determines which sort of hashing algorithm will be used during
136	signature generation. This algorithm _must_ be built into the kernel
137	directly so that signature verification can take place. It is not
138	possible to load a signed module containing the algorithm to check
139	the signature on that module.
140
141	config MODULE_SIG_SHA1
142	bool "Sign modules with SHA-1"
143	select CRYPTO_SHA1
144
145	config MODULE_SIG_SHA224
146	bool "Sign modules with SHA-224"
147	select CRYPTO_SHA256
148
149	config MODULE_SIG_SHA256
150	bool "Sign modules with SHA-256"
151	select CRYPTO_SHA256
152
153	config MODULE_SIG_SHA384
154	bool "Sign modules with SHA-384"
155	select CRYPTO_SHA512
156
157	config MODULE_SIG_SHA512
158	bool "Sign modules with SHA-512"
159	select CRYPTO_SHA512
160
161	endchoice
162
163	config MODULE_SIG_HASH
164	string
165	depends on MODULE_SIG \|\| IMA_APPRAISE_MODSIG
166	default "sha1" if MODULE_SIG_SHA1
167	default "sha224" if MODULE_SIG_SHA224
168	default "sha256" if MODULE_SIG_SHA256
169	default "sha384" if MODULE_SIG_SHA384
170	default "sha512" if MODULE_SIG_SHA512
171
172	choice
173	prompt "Module compression mode"
174	help
175	This option allows you to choose the algorithm which will be used to
176	compress modules when 'make modules_install' is run. (or, you can
177	choose to not compress modules at all.)
178
179	External modules will also be compressed in the same way during the
180	installation.
181
182	For modules inside an initrd or initramfs, it's more efficient to
183	compress the whole initrd or initramfs instead.
184
185	This is fully compatible with signed modules.
186
187	Please note that the tool used to load modules needs to support the
188	corresponding algorithm. module-init-tools MAY support gzip, and kmod
189	MAY support gzip, xz and zstd.
190
191	Your build system needs to provide the appropriate compression tool
192	to compress the modules.
193
194	If in doubt, select 'None'.
195
196	config MODULE_COMPRESS_NONE
197	bool "None"
198	help
199	Do not compress modules. The installed modules are suffixed
200	with .ko.
201
202	config MODULE_COMPRESS_GZIP
203	bool "GZIP"
204	help
205	Compress modules with GZIP. The installed modules are suffixed
206	with .ko.gz.
207
208	config MODULE_COMPRESS_XZ
209	bool "XZ"
210	help
211	Compress modules with XZ. The installed modules are suffixed
212	with .ko.xz.
213
214	config MODULE_COMPRESS_ZSTD
215	bool "ZSTD"
216	help
217	Compress modules with ZSTD. The installed modules are suffixed
218	with .ko.zst.
219
220	endchoice
221
222	config MODULE_DECOMPRESS
223	bool "Support in-kernel module decompression"
224	depends on MODULE_COMPRESS_GZIP \|\| MODULE_COMPRESS_XZ
225	select ZLIB_INFLATE if MODULE_COMPRESS_GZIP
226	select XZ_DEC if MODULE_COMPRESS_XZ
227	help
228
229	Support for decompressing kernel modules by the kernel itself
230	instead of relying on userspace to perform this task. Useful when
231	load pinning security policy is enabled.
232
233	If unsure, say N.
234
235	config MODULE_ALLOW_MISSING_NAMESPACE_IMPORTS
236	bool "Allow loading of modules with missing namespace imports"
237	help
238	Symbols exported with EXPORT_SYMBOL_NS*() are considered exported in
239	a namespace. A module that makes use of a symbol exported with such a
240	namespace is required to import the namespace via MODULE_IMPORT_NS().
241	There is no technical reason to enforce correct namespace imports,
242	but it creates consistency between symbols defining namespaces and
243	users importing namespaces they make use of. This option relaxes this
244	requirement and lifts the enforcement when loading a module.
245
246	If unsure, say N.
247
248	config MODPROBE_PATH
249	string "Path to modprobe binary"
250	default "/sbin/modprobe"
251	help
252	When kernel code requests a module, it does so by calling
253	the "modprobe" userspace utility. This option allows you to
254	set the path where that binary is found. This can be changed
255	at runtime via the sysctl file
256	/proc/sys/kernel/modprobe. Setting this to the empty string
257	removes the kernel's ability to request modules (but
258	userspace can still load modules explicitly).
259
260	config TRIM_UNUSED_KSYMS
261	bool "Trim unused exported kernel symbols" if EXPERT
262	depends on !COMPILE_TEST
263	help
264	The kernel and some modules make many symbols available for
265	other modules to use via EXPORT_SYMBOL() and variants. Depending
266	on the set of modules being selected in your kernel configuration,
267	many of those exported symbols might never be used.
268
269	This option allows for unused exported symbols to be dropped from
270	the build. In turn, this provides the compiler more opportunities
271	(especially when using LTO) for optimizing the code and reducing
272	binary size. This might have some security advantages as well.
273
274	If unsure, or if you need to build out-of-tree modules, say N.
275
276	config UNUSED_KSYMS_WHITELIST
277	string "Whitelist of symbols to keep in ksymtab"
278	depends on TRIM_UNUSED_KSYMS
279	help
280	By default, all unused exported symbols will be un-exported from the
281	build when TRIM_UNUSED_KSYMS is selected.
282
283	UNUSED_KSYMS_WHITELIST allows to whitelist symbols that must be kept
284	exported at all times, even in absence of in-tree users. The value to
285	set here is the path to a text file containing the list of symbols,
286	one per line. The path can be absolute, or relative to the kernel
287	source tree.
288
289	config MODULES_TREE_LOOKUP
290	def_bool y
291	depends on PERF_EVENTS \|\| TRACING \|\| CFI_CLANG
292
293	endif # MODULES