LSM: LoadPin for kernel file loading restrictions
This LSM enforces that kernel-loaded files (modules, firmware, etc) must all come from the same filesystem, with the expectation that such a filesystem is backed by a read-only device such as dm-verity or CDROM. This allows systems that have a verified and/or unchangeable filesystem to enforce module and firmware loading restrictions without needing to sign the files individually. Signed-off-by: NKees Cook <keescook@chromium.org> Acked-by: NSerge Hallyn <serge.hallyn@canonical.com> Signed-off-by: NJames Morris <james.l.morris@oracle.com>
Showing
security/loadpin/Kconfig
0 → 100644
security/loadpin/Makefile
0 → 100644
security/loadpin/loadpin.c
0 → 100644
想要评论请 注册 或 登录