forked from Minki/linux
13523bef1e
LoadPin's "enabled" setting is really about enforcement, not whether or not the LSM is using LSM hooks. Instead, split this out so that LSM enabling can be logically distinct from whether enforcement is happening (for example, the pinning happens when the LSM is enabled, but the pin is only checked when "enforce" is set). This allows LoadPin to continue to operate sanely in test environments once LSM enable/disable is centrally handled (i.e. we want LoadPin to be enabled separately from its enforcement). Signed-off-by: Kees Cook <keescook@chromium.org> Reviewed-by: Casey Schaufler <casey@schaufler-ca.com> Reviewed-by: John Johansen <john.johansen@canonical.com>
20 lines
781 B
Plaintext
20 lines
781 B
Plaintext
config SECURITY_LOADPIN
|
|
bool "Pin load of kernel files (modules, fw, etc) to one filesystem"
|
|
depends on SECURITY && BLOCK
|
|
help
|
|
Any files read through the kernel file reading interface
|
|
(kernel modules, firmware, kexec images, security policy)
|
|
can be pinned to the first filesystem used for loading. When
|
|
enabled, any files that come from other filesystems will be
|
|
rejected. This is best used on systems without an initrd that
|
|
have a root filesystem backed by a read-only device such as
|
|
dm-verity or a CDROM.
|
|
|
|
config SECURITY_LOADPIN_ENFORCE
|
|
bool "Enforce LoadPin at boot"
|
|
depends on SECURITY_LOADPIN
|
|
help
|
|
If selected, LoadPin will enforce pinning at boot. If not
|
|
selected, it can be enabled at boot with the kernel parameter
|
|
"loadpin.enforce=1".
|