summaryrefslogtreecommitdiff
path: root/security/loadpin/Kconfig
diff options
context:
space:
mode:
authorKees Cook <keescook@chromium.org>2016-04-20 15:46:28 -0700
committerJames Morris <james.l.morris@oracle.com>2016-04-21 10:47:27 +1000
commit9b091556a073a9f5f93e2ad23d118f45c4796a84 (patch)
tree075fffff80b5caad9738f633c83333dea9e04efd /security/loadpin/Kconfig
parent1284ab5b2dcb927d38e4f3fbc2e307f3d1af9262 (diff)
LSM: LoadPin for kernel file loading restrictions
This LSM enforces that kernel-loaded files (modules, firmware, etc) must all come from the same filesystem, with the expectation that such a filesystem is backed by a read-only device such as dm-verity or CDROM. This allows systems that have a verified and/or unchangeable filesystem to enforce module and firmware loading restrictions without needing to sign the files individually. Signed-off-by: Kees Cook <keescook@chromium.org> Acked-by: Serge Hallyn <serge.hallyn@canonical.com> Signed-off-by: James Morris <james.l.morris@oracle.com>
Diffstat (limited to 'security/loadpin/Kconfig')
-rw-r--r--security/loadpin/Kconfig10
1 files changed, 10 insertions, 0 deletions
diff --git a/security/loadpin/Kconfig b/security/loadpin/Kconfig
new file mode 100644
index 000000000000..c668ac4eda65
--- /dev/null
+++ b/security/loadpin/Kconfig
@@ -0,0 +1,10 @@
+config SECURITY_LOADPIN
+ bool "Pin load of kernel files (modules, fw, etc) to one filesystem"
+ depends on SECURITY && BLOCK
+ help
+ Any files read through the kernel file reading interface
+ (kernel modules, firmware, kexec images, security policy) will
+ be pinned to the first filesystem used for loading. Any files
+ that come from other filesystems will be rejected. This is best
+ used on systems without an initrd that have a root filesystem
+ backed by a read-only device such as dm-verity or a CDROM.