diff --git a/.github/workflows/linuxkm.yml b/.github/workflows/linuxkm.yml
new file mode 100644
index 000000000..8ea51b234
--- /dev/null
+++ b/.github/workflows/linuxkm.yml
@@ -0,0 +1,47 @@
+name: Kernel Module Build
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  build_library:
+    strategy:
+      matrix:
+        config: [
+          'EXTRA_CPPFLAGS=-Werror --enable-option-checking=fatal --enable-linuxkm --enable-linuxkm-lkcapi-register=all --enable-all --enable-kyber=yes,original --enable-lms --enable-xmss --enable-dilithium --enable-experimental --enable-dual-alg-certs --disable-qt --disable-quic --with-sys-crypto-policy=no --disable-opensslextra --disable-testcert --enable-intelasm --enable-sp-asm --enable-crypttests --enable-reproducible-build CFLAGS="-DWOLFSSL_LINUXKM_VERBOSE_DEBUG -Wframe-larger-than=2048 -Wstack-usage=4096" --with-max-rsa-bits=16384'
+        ]
+    name: build module
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-latest
+    timeout-minutes: 5
+    steps:
+      - uses: actions/checkout@v4
+        name: Checkout wolfSSL
+
+      - name: Build libwolfssl.ko, targeting GitHub ubuntu-latest, with --enable-all, PQC, and smallstack and stack depth warnings
+        run: |
+          echo "updating linux-headers"
+          sudo apt-get update || $(exit 2)
+          sudo apt-get install linux-headers-$(uname -r) -y || $(exit 3)
+          echo "preparing target kernel $(uname -r)"
+          pushd "/lib/modules/$(uname -r)/build" || $(exit 4)
+          if [ -f /proc/config.gz ]; then gzip -dc /proc/config.gz > /tmp/.config && sudo mv /tmp/.config . || $(exit 5); elif [ -f "/boot/config-$(uname -r)" ]; then sudo cp -p "/boot/config-$(uname -r)" .config || $(exit 6); fi
+          sudo make -j 4 oldconfig || $(exit 7)
+          sudo make M="$(pwd)" modules_prepare || $(exit 8)
+          popd >/dev/null
+          ./autogen.sh || $(exit 9)
+          echo "running ./configure ... ${{ matrix.config }}"
+          ./configure --with-linux-source=/lib/modules/$(uname -r)/build ${{ matrix.config }} || $(exit 10)
+          # try to remove profiling (-pg) because it leads to "_mcleanup: gmon.out: Permission denied"
+          make -j 4 KERNEL_EXTRA_CFLAGS_REMOVE=-pg FORCE_NO_MODULE_SIG=1 || $(exit 11)
+          ls -l linuxkm/libwolfssl.ko || $(exit 12)
+          echo "Successful linuxkm build."
diff --git a/linuxkm/Makefile b/linuxkm/Makefile
index 98198f35c..7fb380cea 100644
--- a/linuxkm/Makefile
+++ b/linuxkm/Makefile
@@ -98,6 +98,9 @@ else
 endif
 
 libwolfssl.ko.signed: libwolfssl.ko
+ifdef FORCE_NO_MODULE_SIG
+	@echo 'Skipping module signature operation because FORCE_NO_MODULE_SIG.'
+else
 	@cd '$(KERNEL_ROOT)' || exit $$?;							\
 	while read configline; do								\
 		case "$$configline" in								\
@@ -127,6 +130,7 @@ libwolfssl.ko.signed: libwolfssl.ko
 			echo "  Module $@ signed by $${CONFIG_MODULE_SIG_KEY}.";		\
 		fi										\
 	fi
+endif
 
 
 .PHONY: install modules_install