Hello!
I was wondering if you could recommend a kernel module that would fail miserably and reliably when inserting it into a "foreign" kernel, i.e. one for which the module was not built.
The plan is to store that module probe/key on an encrypted rootfs and watch for module errors that would indicate that the kernel image has been swapped.
EDIT: That module would get loaded by systemd, according to the list /etc/modules-load.d/modules.conf:
Code:
# List of modules to load at boot
module-that-does-not-play-nice-with-unfamiliar-kernels