| Commit | Line | Data |
|---|---|---|
| 9b091556 KC | 1 | config SECURITY_LOADPIN |
| | 2 | bool "Pin load of kernel files (modules, fw, etc) to one filesystem" |
| | 3 | depends on SECURITY && BLOCK |
| | 4 | help |
| | 5 | Any files read through the kernel file reading interface |
| | 6 | (kernel modules, firmware, kexec images, security policy) will |
| | 7 | be pinned to the first filesystem used for loading. Any files |
| | 8 | that come from other filesystems will be rejected. This is best |
| | 9 | used on systems without an initrd that have a root filesystem |
| | 10 | backed by a read-only device such as dm-verity or a CDROM. |
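
The pinning rule in the help text, modeled in user space to show why it recommends systems without an initrd. This is an added example, not the kernel's LoadPin code; `struct fs`, `pin_reset` and `pin_check` are hypothetical names, and refusing a load with no filesystem is this model's assumption.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-in for a mounted filesystem. */
struct fs {
    const char *name;
};

/* The filesystem that loads are pinned to; NULL until the first load. */
static const struct fs *pinned_fs;

/* Forget the pin (models a fresh boot). */
void pin_reset(void)
{
    pinned_fs = NULL;
}

/*
 * Decide whether a file read through the kernel file reading interface
 * may be loaded. Returns 0 if allowed, -EPERM if rejected.
 */
int pin_check(const struct fs *origin)
{
    if (origin == NULL)
        return -EPERM;      /* assumption of this model: nothing to pin to */
    if (pinned_fs == NULL)
        pinned_fs = origin; /* the first filesystem used decides the pin */
    return origin == pinned_fs ? 0 : -EPERM;
}

int main(void)
{
    /* Constructed sample filesystems. */
    const struct fs initrd = { "initrd" }, rootfs = { "dm-verity root" };

    /* No initrd: the first load comes from the read-only root. */
    pin_reset();
    printf("root load:   %d\n", pin_check(&rootfs));
    printf("initrd load: %d\n", pin_check(&initrd));

    /* With an initrd: the early load pins the initrd instead. */
    pin_reset();
    printf("initrd load: %d\n", pin_check(&initrd));
    printf("root load:   %d\n", pin_check(&rootfs));
    return 0;
}
```

In the second run the pin lands on the initrd, so every later load from the read-only root is the one that gets rejected.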