diff --git a/docs/en/docs/ShangMi/kernel-module-signing.md b/docs/en/docs/ShangMi/kernel-module-signing.md index 0119a8c54e5479fb5acf8f787b5730379255157f..4e3762c05724c1f57444f4dfc842d2b8647bd250 100644 --- a/docs/en/docs/ShangMi/kernel-module-signing.md +++ b/docs/en/docs/ShangMi/kernel-module-signing.md @@ -35,7 +35,7 @@ $ cat /path/to/mod.crt >> mod.pem Use the SM3 algorithm to sign the kernel module in the kernel compilation options. ``` -$ make openeuler_defconfig +$ make openEuler_defconfig $ make menuconfig ``` @@ -97,7 +97,7 @@ Other steps are the same as those in scenario 1. Add **module.sig_enforce** to the kernel startup parameters to enable forcible signature verification for the kernel module. ``` -linux /vmlinuz-5.10.0-106.1.0.55.oe2209.x86_64 root=/dev/mapper/openeuler-root ro resume=/dev/mapper/openeuler-swap rd.lvm.lv=openeuler/root rd.lvm.lv=openeuler/swap crashkernel=512M module.sig_enforce +linux /vmlinuz-5.10.0-106.1.0.55.oe2209.x86_64 root=/dev/mapper/openEuler-root ro resume=/dev/mapper/openEuler-swap rd.lvm.lv=openEuler/root rd.lvm.lv=openEuler/swap crashkernel=512M module.sig_enforce ``` After the system is restarted, only the kernel modules that pass the certificate verification can be loaded.