Home
last modified time | relevance | path

Searched hist:"0 ff9848067b7b950a4ed70de7f5028600a2157e3" (Results 1 – 2 of 2) sorted by relevance

/openbmc/linux/Documentation/admin-guide/LSM/
H A DLoadPin.rstdiff 0ff9848067b7b950a4ed70de7f5028600a2157e3 Thu May 30 14:22:08 CDT 2019 Ke Wu <mikewu@google.com> security/loadpin: Allow to exclude specific file types

Linux kernel already provide MODULE_SIG and KEXEC_VERIFY_SIG to
make sure loaded kernel module and kernel image are trusted. This
patch adds a kernel command line option "loadpin.exclude" which
allows to exclude specific file types from LoadPin. This is useful
when people want to use different mechanisms to verify module and
kernel image while still use LoadPin to protect the integrity of
other files kernel loads.

Signed-off-by: Ke Wu <mikewu@google.com>
Reviewed-by: James Morris <jamorris@linux.microsoft.com>
[kees: fix array size issue reported by Coverity via Colin Ian King]
Signed-off-by: Kees Cook <keescook@chromium.org>
/openbmc/linux/security/loadpin/
H A Dloadpin.cdiff 0ff9848067b7b950a4ed70de7f5028600a2157e3 Thu May 30 14:22:08 CDT 2019 Ke Wu <mikewu@google.com> security/loadpin: Allow to exclude specific file types

Linux kernel already provide MODULE_SIG and KEXEC_VERIFY_SIG to
make sure loaded kernel module and kernel image are trusted. This
patch adds a kernel command line option "loadpin.exclude" which
allows to exclude specific file types from LoadPin. This is useful
when people want to use different mechanisms to verify module and
kernel image while still use LoadPin to protect the integrity of
other files kernel loads.

Signed-off-by: Ke Wu <mikewu@google.com>
Reviewed-by: James Morris <jamorris@linux.microsoft.com>
[kees: fix array size issue reported by Coverity via Colin Ian King]
Signed-off-by: Kees Cook <keescook@chromium.org>