If a signed modular jar is linked into a runtime image with jlink, the signing information (certificates, etc) is not retained, and the module cannot be used for additional policy (using the signedBy clause) or other types of authentication checks (ex: using the signer information in the module's CodeSource) at runtime. It is effectively treated as unsigned code.

In order to eliminate any potential confusion, jlink should warn a user that the linked module will be treated as unsigned at runtime.

Alternatives such as running the module from the modulepath or classpath (which would retain the signing information) may also be suggested (but would be a separate issue).