Remove NSA encryption Speck

Question

The file speck.ko can be found in /lib/modules/4.18.1-041801-generic/kernel/crypto and it was built by the NSA (added since Linux Kernel 4.17).

I really want to remove this thing from my computer. If I see it in the /crypto folder, does it mean it is enabled by default and used somehow?

Answer 1

This can be done in two ways:

1. Via the /etc/modprobe.d/blacklist.conf file

   • Create that file (if it does not exist) and add the following line into it:

     blacklist CONFIG_CRYPTO_SPECK
     

   • Note: They might make it dependent on another module hence it will load regardless, so the workaround is to add the line in this way rather than how it is written above:

     install CONFIG_CRYPTO_SPECK /bin/false
     

     • This force the module to always fail loading and will effectively blacklist that module and any other that depends on it SO TAKE NOTE.

   • Then reboot.

2. Via command line:

   • Simply add this to your bootloader's kernel line

     module_blacklist=modname1,modname2,modname3
     # or
     modprobe.blacklist=MODULE_NAME
     

     • NOTE: When you are blacklisting more than one module, note that they are separated by commas only. Spaces or anything else might presumably break the syntax.

   • Then boot as normal and the module should not be loaded.

3. TIP:- From man modprobe I see the -b option which you can use after finding the name via lsmod:

   sudo lsmod
   sudo modprobe -b <name_of_module>
   

Sources:

https://itsfoss.com/nsas-encryption-algorithm-in-linux-kernel-is-creating-unease-in-the-community/?utm_source=newsletter&utm_medium=email&utm_campaign=nsas_controversial_algorithm_video_player_and_other_linux_stuff&utm_term=2018-08-20

https://wiki.archlinux.org/index.php/Kernel_module#Blacklisting