~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/Documentation/admin-guide/LSM/LoadPin.rst

Version: ~ [ linux-6.11.5 ] ~ [ linux-6.10.14 ] ~ [ linux-6.9.12 ] ~ [ linux-6.8.12 ] ~ [ linux-6.7.12 ] ~ [ linux-6.6.58 ] ~ [ linux-6.5.13 ] ~ [ linux-6.4.16 ] ~ [ linux-6.3.13 ] ~ [ linux-6.2.16 ] ~ [ linux-6.1.114 ] ~ [ linux-6.0.19 ] ~ [ linux-5.19.17 ] ~ [ linux-5.18.19 ] ~ [ linux-5.17.15 ] ~ [ linux-5.16.20 ] ~ [ linux-5.15.169 ] ~ [ linux-5.14.21 ] ~ [ linux-5.13.19 ] ~ [ linux-5.12.19 ] ~ [ linux-5.11.22 ] ~ [ linux-5.10.228 ] ~ [ linux-5.9.16 ] ~ [ linux-5.8.18 ] ~ [ linux-5.7.19 ] ~ [ linux-5.6.19 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.284 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.322 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.336 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.337 ] ~ [ linux-4.4.302 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.9 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

Diff markup

Differences between /Documentation/admin-guide/LSM/LoadPin.rst (Version linux-6.11.5) and /Documentation/admin-guide/LSM/LoadPin.rst (Version linux-5.13.19)

  1 =======                                             1 =======
  2 LoadPin                                             2 LoadPin
  3 =======                                             3 =======
  4                                                     4 
  5 LoadPin is a Linux Security Module that ensure      5 LoadPin is a Linux Security Module that ensures all kernel-loaded files
  6 (modules, firmware, etc) all originate from th      6 (modules, firmware, etc) all originate from the same filesystem, with
  7 the expectation that such a filesystem is back      7 the expectation that such a filesystem is backed by a read-only device
  8 such as dm-verity or CDROM. This allows system      8 such as dm-verity or CDROM. This allows systems that have a verified
  9 and/or unchangeable filesystem to enforce modu      9 and/or unchangeable filesystem to enforce module and firmware loading
 10 restrictions without needing to sign the files     10 restrictions without needing to sign the files individually.
 11                                                    11 
 12 The LSM is selectable at build-time with ``CON     12 The LSM is selectable at build-time with ``CONFIG_SECURITY_LOADPIN``, and
 13 can be controlled at boot-time with the kernel     13 can be controlled at boot-time with the kernel command line option
 14 "``loadpin.enforce``". By default, it is enabl     14 "``loadpin.enforce``". By default, it is enabled, but can be disabled at
 15 boot ("``loadpin.enforce=0``").                    15 boot ("``loadpin.enforce=0``").
 16                                                    16 
 17 LoadPin starts pinning when it sees the first      17 LoadPin starts pinning when it sees the first file loaded. If the
 18 block device backing the filesystem is not rea     18 block device backing the filesystem is not read-only, a sysctl is
 19 created to toggle pinning: ``/proc/sys/kernel/     19 created to toggle pinning: ``/proc/sys/kernel/loadpin/enabled``. (Having
 20 a mutable filesystem means pinning is mutable      20 a mutable filesystem means pinning is mutable too, but having the
 21 sysctl allows for easy testing on systems with     21 sysctl allows for easy testing on systems with a mutable filesystem.)
 22                                                    22 
 23 It's also possible to exclude specific file ty     23 It's also possible to exclude specific file types from LoadPin using kernel
 24 command line option "``loadpin.exclude``". By      24 command line option "``loadpin.exclude``". By default, all files are
 25 included, but they can be excluded using kerne     25 included, but they can be excluded using kernel command line option such
 26 as "``loadpin.exclude=kernel-module,kexec-imag     26 as "``loadpin.exclude=kernel-module,kexec-image``". This allows to use
 27 different mechanisms such as ``CONFIG_MODULE_S     27 different mechanisms such as ``CONFIG_MODULE_SIG`` and
 28 ``CONFIG_KEXEC_VERIFY_SIG`` to verify kernel m     28 ``CONFIG_KEXEC_VERIFY_SIG`` to verify kernel module and kernel image while
 29 still use LoadPin to protect the integrity of      29 still use LoadPin to protect the integrity of other files kernel loads. The
 30 full list of valid file types can be found in      30 full list of valid file types can be found in ``kernel_read_file_str``
 31 defined in ``include/linux/kernel_read_file.h`     31 defined in ``include/linux/kernel_read_file.h``.
~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~
kernel.org | git.kernel.org | LWN.net | Project Home | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

sflogo.php