| Age | Commit message (Collapse) | Author | Files | Lines | |
|---|---|---|---|---|---|
| 2016-05-17 | LSM: LoadPin: provide enablement CONFIG | Kees Cook | 2 | -6/+15 | |
| Instead of being enabled by default when SECURITY_LOADPIN is selected, provide an additional (default off) config to determine the boot time behavior. As before, the "loadpin.enabled=0/1" kernel parameter remains available. Suggested-by: James Morris <jmorris@namei.org> Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: James Morris <james.l.morris@oracle.com> | |||||
| 2016-04-21 | LSM: LoadPin for kernel file loading restrictions | Kees Cook | 3 | -0/+201 | |
| This LSM enforces that kernel-loaded files (modules, firmware, etc) must all come from the same filesystem, with the expectation that such a filesystem is backed by a read-only device such as dm-verity or CDROM. This allows systems that have a verified and/or unchangeable filesystem to enforce module and firmware loading restrictions without needing to sign the files individually. Signed-off-by: Kees Cook <keescook@chromium.org> Acked-by: Serge Hallyn <serge.hallyn@canonical.com> Signed-off-by: James Morris <james.l.morris@oracle.com> | |||||
 |
index : linux | |
| Linux Kernel (branches are rebased on master from time to time) | Linus Torvalds |
| summaryrefslogtreecommitdiffstats |