New comment by ericonr on void-packages repository https://github.com/void-linux/void-packages/issues/27736#issuecomment-756150464 Comment: I don't see what advantage this brings, since an attacker who has access to the kernel modules could just as well change programs, libraries, or possibly even the kernel itself, making any signing moot. Furthermore, given that a lot of people might end up requiring one DKMS module or another (nvidia, zfs, ...), this would only be useful if they self built their own kernel with a custom config pointing to the additional key. And then they'd have to set up the whole infrastructure around actually signing the modules and such, plus somehow protect the key adequately.