~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/security/loadpin/Kconfig

Version: ~ [ linux-6.12-rc7 ] ~ [ linux-6.11.7 ] ~ [ linux-6.10.14 ] ~ [ linux-6.9.12 ] ~ [ linux-6.8.12 ] ~ [ linux-6.7.12 ] ~ [ linux-6.6.60 ] ~ [ linux-6.5.13 ] ~ [ linux-6.4.16 ] ~ [ linux-6.3.13 ] ~ [ linux-6.2.16 ] ~ [ linux-6.1.116 ] ~ [ linux-6.0.19 ] ~ [ linux-5.19.17 ] ~ [ linux-5.18.19 ] ~ [ linux-5.17.15 ] ~ [ linux-5.16.20 ] ~ [ linux-5.15.171 ] ~ [ linux-5.14.21 ] ~ [ linux-5.13.19 ] ~ [ linux-5.12.19 ] ~ [ linux-5.11.22 ] ~ [ linux-5.10.229 ] ~ [ linux-5.9.16 ] ~ [ linux-5.8.18 ] ~ [ linux-5.7.19 ] ~ [ linux-5.6.19 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.285 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.323 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.336 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.337 ] ~ [ linux-4.4.302 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.12 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

Diff markup

Differences between /security/loadpin/Kconfig (Version linux-6.12-rc7) and /security/loadpin/Kconfig (Version linux-2.6.0)


  1 # SPDX-License-Identifier: GPL-2.0-only           
  2 config SECURITY_LOADPIN                           
  3         bool "Pin load of kernel files (module    
  4         depends on SECURITY && BLOCK              
  5         help                                      
  6           Any files read through the kernel fi    
  7           (kernel modules, firmware, kexec ima    
  8           can be pinned to the first filesyste    
  9           enabled, any files that come from ot    
 10           rejected. This is best used on syste    
 11           have a root filesystem backed by a r    
 12           dm-verity or a CDROM.                   
 13                                                   
 14 config SECURITY_LOADPIN_ENFORCE                   
 15         bool "Enforce LoadPin at boot"            
 16         depends on SECURITY_LOADPIN               
 17         # Module compression breaks LoadPin un    
 18         # the kernel.                             
 19         depends on !MODULES || (MODULE_COMPRES    
 20         help                                      
 21           If selected, LoadPin will enforce pi    
 22           selected, it can be enabled at boot     
 23           "loadpin.enforce=1".                    
 24                                                   
 25 config SECURITY_LOADPIN_VERITY                    
 26         bool "Allow reading files from certain    
 27         depends on SECURITY_LOADPIN && DM_VERI    
 28         help                                      
 29           If selected LoadPin can allow readin    
 30           that use dm-verity. LoadPin maintain    
 31           digests it considers trusted. A veri    
 32           considered trusted if its root diges    
 33           of trusted digests.                     
 34                                                   
 35           The list of trusted verity can be po    
 36           on the LoadPin securityfs entry 'dm-    
 37           expects a file descriptor of a file     
 38           parameter. The file must be located     
 39           start with the line:                    
 40                                                   
 41           # LOADPIN_TRUSTED_VERITY_ROOT_DIGEST    
 42                                                   
 43           This is followed by the verity diges    
 44           line.                                   
                                                      

~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

kernel.org | git.kernel.org | LWN.net | Project Home | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

sflogo.php