| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2016-05-17 | LSM: LoadPin: provide enablement CONFIG | Kees Cook | |
| Instead of being enabled by default when SECURITY_LOADPIN is selected, provide an additional (default off) config to determine the boot time behavior. As before, the "loadpin.enabled=0/1" kernel parameter remains available. Suggested-by: James Morris <jmorris@namei.org> Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: James Morris <james.l.morris@oracle.com> | |||
| 2016-04-21 | LSM: LoadPin for kernel file loading restrictions | Kees Cook | |
| This LSM enforces that kernel-loaded files (modules, firmware, etc) must all come from the same filesystem, with the expectation that such a filesystem is backed by a read-only device such as dm-verity or CDROM. This allows systems that have a verified and/or unchangeable filesystem to enforce module and firmware loading restrictions without needing to sign the files individually. Signed-off-by: Kees Cook <keescook@chromium.org> Acked-by: Serge Hallyn <serge.hallyn@canonical.com> Signed-off-by: James Morris <james.l.morris@oracle.com> | |||
 |
index : linux-toradex.git | |
| Linux kernel for Apalis, Colibri and Verdin modules | Marcel Ziswiler |
| summaryrefslogtreecommitdiff |