You would have to use a one-time GPG private key when building kernel+modules or the rootkit would use your private key, sign its module and load it.
That in turn means that `make modules` will have to rebuild the kernel. I can live with that :)
Similarly, distributions couldn't leave the private key on their systems; if they were compromised, many other systems could be loading mala fide modules again. Checking (on the network?) for a revoked GPG key seems to defeat the purpose of network modules; moreover, your whole kernel would be useless after revoking such a key.
Yet, if this can be used to prevent rootkits like adore from installing themselves as invisibly as they can now, I'll start using it ASAP!