From f1af91b397f3b5316750bcd587c320b3acdfa33b Mon Sep 17 00:00:00 2001
From: k4yt3x <i@k4yt3x.com>
Date: Sun, 19 Oct 2025 00:00:00 +0000
Subject: [PATCH] docs(readme): add modules.sig_enforce boot param

Signed-off-by: k4yt3x <i@k4yt3x.com>
---
 README.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/README.md b/README.md
index fcaafaf..376dd9e 100644
--- a/README.md
+++ b/README.md
@@ -197,4 +197,8 @@ Additionally, here are some additional parameters that may be too restrictive fo
 # Restricts loading of unsigned kernel modules and other facilities
 # https://www.man7.org/linux/man-pages/man7/kernel_lockdown.7.html
 lockdown=confidentiality
+
+# Enforce kernel module signature verification
+# Only allow signed kernel modules to be loaded
+modules.sig_enforce=1
 ```