logo

Knowledge Base

Access official resources from Carbon Black experts

IMPORTANT ANNOUNCEMENT: On May 6, 2024, Carbon Black User eXchange (UeX) and Case Management will move to a new platform!
The Community will be in read-only mode starting April 19th, 7:00 AM PDT. Check out the blog post!
You will still be able to use the case portal to create and interact with your support cases until the transition, view more information here!

EDR: Is Linux sensor kernel module signed?

EDR: Is Linux sensor kernel module signed?

Environment

  • EDR Linux sensor: All versions
  • Linux: All versions

Question

Is the Linux sensor kernel module signed?

Answer

Signing the kernel module is currently not on the roadmap.

The sensor package itself is signed, so once you extract the kernel module from that package you can generate a hash on the module and use that to check whether the module has been tampered with. Starting with the 7.1.0-lnx sensor there will also be a manifest that will have the hashes of all components in the package.

If a customer wants to use the EDR kernel module with Secure Boot they can use the procedure documented at Chapter 4. Signing kernel modules for secure boot Red Hat Enterprise Linux 8 | Red Hat Customer Port... for now to self-sign the module.

Labels (1)
Labels:
Tags (2)
Was this article helpful? Yes No
No ratings
Article Information
Author:
CB_Support
Creation Date:
‎11-02-2021
Views:
516
Contributors
logo

Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.