[mirror_ubuntu-bionic-kernel.git] / security / loadpin / Kconfig

config SECURITY_LOADPIN
	bool "Pin load of kernel files (modules, fw, etc) to one filesystem"
	depends on SECURITY && BLOCK
	help
	  Any files read through the kernel file reading interface
	  (kernel modules, firmware, kexec images, security policy) will
	  be pinned to the first filesystem used for loading. Any files
	  that come from other filesystems will be rejected. This is best
	  used on systems without an initrd that have a root filesystem
	  backed by a read-only device such as dm-verity or a CDROM.
Commit	Line	Data
9b091556 KC	1	config SECURITY_LOADPIN
	2	bool "Pin load of kernel files (modules, fw, etc) to one filesystem"
	3	depends on SECURITY && BLOCK
	4	help
	5	Any files read through the kernel file reading interface
	6	(kernel modules, firmware, kexec images, security policy) will
	7	be pinned to the first filesystem used for loading. Any files
	8	that come from other filesystems will be rejected. This is best
	9	used on systems without an initrd that have a root filesystem
	10	backed by a read-only device such as dm-verity or a CDROM.