@@ -1,31 +1,21 @@
 =======
 LoadPin
 =======
 
 LoadPin is a Linux Security Module that ensures all kernel-loaded files
 (modules, firmware, etc) all originate from the same filesystem, with
 the expectation that such a filesystem is backed by a read-only device
 such as dm-verity or CDROM. This allows systems that have a verified
 and/or unchangeable filesystem to enforce module and firmware loading
 restrictions without needing to sign the files individually.
 
 The LSM is selectable at build-time with ``CONFIG_SECURITY_LOADPIN``, and
 can be controlled at boot-time with the kernel command line option
-"``loadpin.enforce``". By default, it is enabled, but can be disabled at
-boot ("``loadpin.enforce=0``").
+"``loadpin.enabled``". By default, it is enabled, but can be disabled at
+boot ("``loadpin.enabled=0``").
 
 LoadPin starts pinning when it sees the first file loaded. If the
 block device backing the filesystem is not read-only, a sysctl is
 created to toggle pinning: ``/proc/sys/kernel/loadpin/enabled``. (Having
 a mutable filesystem means pinning is mutable too, but having the
 sysctl allows for easy testing on systems with a mutable filesystem.)
-
-It's also possible to exclude specific file ty
-command line option "``loadpin.exclude``". By
-included, but they can be excluded using kerne
-as "``loadpin.exclude=kernel-module,kexec-imag
-different mechanisms such as ``CONFIG_MODULE_S
-``CONFIG_KEXEC_VERIFY_SIG`` to verify kernel m
-still use LoadPin to protect the integrity of
-full list of valid file types can be found in
-defined in ``include/linux/kernel_read_file.h`
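Review bot: the only changed lines swap the documented boot parameter between ``loadpin.enforce`` and ``loadpin.enabled``, while the sysctl path in the very next paragraph, ``/proc/sys/kernel/loadpin/enabled``, is identical on both sides; before merging either side, confirm the command-line name against the parameter the module actually registers, because an administrator who sets a stale name to ``0`` gets no error at boot and the documentation then describes a switch that does nothing. In the exclude paragraph present on one side only, "still use LoadPin to protect the integrity of" should read "still using LoadPin ...", and that paragraph should say plainly that an excluded type is not pinned at all, so excluding ``kernel-module`` or ``kexec-image`` only makes sense where the ``CONFIG_*`` signature-verification options it names are actually enabled; otherwise the exclusion removes the check instead of delegating it.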
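As an added example (not part of the kernel documentation and not LoadPin's own code), the following Python auditor reads the settings the text above describes: the boot parameter (accepting both spellings that appear in the two versions, ``loadpin.enforce`` and ``loadpin.enabled``), the ``loadpin.exclude`` list, and the ``/proc/sys/kernel/loadpin/enabled`` sysctl whose mere presence tells you the backing device is writable. It assumes the parameter is an integer-style switch where only ``0`` disables pinning (the text documents only ``=0``); of the file-type names it knows, ``kernel-module`` and ``kexec-image`` come from the text and ``firmware`` is an assumption, the authoritative list being ``kernel_read_file_str`` in ``include/linux/kernel_read_file.h``. The fallback command line is a constructed sample.

```python
"""Audit a system's LoadPin settings from the boot command line and sysctl.

Added example; not part of the kernel documentation or of LoadPin itself.
"""
from pathlib import Path

# "kernel-module" and "kexec-image" appear in the documentation above;
# "firmware" is an assumption. The authoritative list is kernel_read_file_str
# in include/linux/kernel_read_file.h.
LOADPIN_FILE_TYPES = frozenset({"kernel-module", "kexec-image", "firmware"})

# Both spellings of the boot parameter that appear in the two versions of the text.
ENFORCE_PARAMS = ("loadpin.enforce", "loadpin.enabled")

# Sysctl path as documented; it exists only while pinning is toggleable.
SYSCTL_PATH = Path("/proc/sys/kernel/loadpin/enabled")


def parse_cmdline(cmdline: str, valid_types=LOADPIN_FILE_TYPES) -> dict:
    """Extract LoadPin settings from a kernel command line string."""
    settings = {
        "enforce": True,          # documented default: enabled unless ...=0
        "enforce_param": None,    # which spelling was used, if any
        "exclude": [],            # file types the admin excluded from pinning
        "unknown_exclude": [],    # exclude entries not in the known type list
    }
    for token in cmdline.split():
        key, _, value = token.partition("=")
        if key in ENFORCE_PARAMS:
            settings["enforce_param"] = key
            # The text documents only "=0" as the off switch; any other value
            # is treated as enforcing (assumption: integer-style parameter).
            settings["enforce"] = value != "0"
        elif key == "loadpin.exclude":
            entries = [e for e in value.split(",") if e]
            settings["exclude"] = entries
            settings["unknown_exclude"] = [e for e in entries if e not in valid_types]
    return settings


def read_sysctl(path: Path = SYSCTL_PATH):
    """Return the sysctl's value, or None when it does not exist.

    Per the documentation the sysctl is created only once pinning starts on a
    filesystem whose block device is *not* read-only, so its absence means
    either a read-only backing device or that LoadPin has not pinned anything
    yet (or is not built in at all).
    """
    if not path.exists():
        return None
    return path.read_text().strip()


def assess(settings: dict, sysctl_value) -> list:
    """Turn the raw settings into findings a reviewer would want to see."""
    findings = []
    if not settings["enforce"]:
        findings.append(f"pinning disabled at boot via {settings['enforce_param']}=0")
    for entry in settings["unknown_exclude"]:
        findings.append(f"loadpin.exclude names unknown file type {entry!r}")
    for entry in settings["exclude"]:
        if entry not in settings["unknown_exclude"]:
            findings.append(f"{entry} excluded: LoadPin does not check it, another mechanism must")
    if sysctl_value is not None:
        findings.append("sysctl present: backing device is writable, pinning can be toggled at runtime")
        if sysctl_value == "0":
            findings.append("sysctl currently 0: pinning is switched off")
    return findings


if __name__ == "__main__":
    live = Path("/proc/cmdline")
    # Constructed sample used when /proc/cmdline is unavailable (e.g. offline).
    cmdline = live.read_text() if live.exists() else "root=/dev/dm-0 loadpin.exclude=kernel-module ro"
    for finding in assess(parse_cmdline(cmdline), read_sysctl()) or ["no LoadPin findings"]:
        print(finding)
```

On a dm-verity rooted system with default settings the auditor should print nothing but "no LoadPin findings"; every finding it does print maps to one sentence of the documentation above, which makes it a convenient check to run before trusting that module and firmware loads are actually pinned.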