Kernel modules — Peios Learn

Concept

Kernel Modules — Overview and Design

What kernel modules are on Peios, the security premise behind the loading model, and the high-level policy posture.

Concept

Loading and Unloading Modules

The load/unload syscalls, authority gate via SeLoadDriverPrivilege, the userspace helper path, reference counting, and forced unload policy.

Concept

Module Signing and Trust

How the kernel verifies module signatures, the three trusted-key sources, the build-floor + registry knob policy model, and Secure Boot integration.

Concept

Module Parameters

Module-declared tunables — load-time and runtime — and the file-SD model that governs their mutation.

Concept

Module Dependencies and Metadata

How modules declare dependencies and exports, the depmod-built dependency database, vermagic and modversions ABI checks, and EXPORT_SYMBOL_GPL semantics.

Concept

Auto-loading and Lockdown

The request_module demand-load path, AutoLoadPolicy registry knob, blacklist mechanism, and the post-boot LockAfterBoot ratchet.

Concept

Tainting and Observability

The kernel-tainted flag bitfield — what each bit means, when it's set, how it's surfaced, and how taint events flow into audit.