# SPDX-License-Identifier: GPL-2.0-only
# (git blame: every line below is from commit 8f3ce5b39, kx, 2023-10-28 12:00:06 +0300)
config SECURITY_LOADPIN
	bool "Pin load of kernel files (modules, fw, etc) to one filesystem"
	depends on SECURITY && BLOCK
	help
	  Any files read through the kernel file reading interface
	  (kernel modules, firmware, kexec images, security policy)
	  can be pinned to the first filesystem used for loading. When
	  enabled, any files that come from other filesystems will be
	  rejected. This is best used on systems without an initrd that
	  have a root filesystem backed by a read-only device such as
	  dm-verity or a CDROM.

config SECURITY_LOADPIN_ENFORCE
	bool "Enforce LoadPin at boot"
	depends on SECURITY_LOADPIN
	help
	  If selected, LoadPin will enforce pinning at boot. If not
	  selected, it can be enabled at boot with the kernel parameter
	  "loadpin.enforce=1".
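The two options above combine into three possible states on a running system: LoadPin not built, LoadPin built but only pinning and logging (the ENFORCE option unset and no `loadpin.enforce=1` on the command line), and LoadPin enforcing at boot. The following shell check, an added example and not part of the kernel tree, classifies a system from its kernel config and boot command line using exactly the rules the help text states; the file locations `/boot/config-$(uname -r)` and `/proc/cmdline` in the convenience wrapper are conventional defaults assumed here, and the sample inputs are constructed.

```shell
# Added example (not from the kernel's Kconfig): classify LoadPin's boot-time
# state from a kernel config file and a kernel command line, following the
# semantics described in the SECURITY_LOADPIN help text.

# loadpin_state CONFIG_FILE CMDLINE_FILE
# Prints one of:
#   absent     - CONFIG_SECURITY_LOADPIN is not built in
#   permissive - LoadPin is built, but neither CONFIG_SECURITY_LOADPIN_ENFORCE=y
#                nor loadpin.enforce=1 on the command line (pins, does not reject)
#   enforced   - pinning is enforced at boot by one of those two mechanisms
loadpin_state() {
    config="$1"
    cmdline="$2"

    if ! grep -q '^CONFIG_SECURITY_LOADPIN=y$' "$config"; then
        printf 'absent\n'
        return 0
    fi

    # Compile-time enforcement (CONFIG_SECURITY_LOADPIN_ENFORCE=y).
    if grep -q '^CONFIG_SECURITY_LOADPIN_ENFORCE=y$' "$config"; then
        printf 'enforced\n'
        return 0
    fi

    # Boot-time enablement: loadpin.enforce=1 as a whitespace-delimited
    # command-line token (fixed-string, whole-token match).
    if tr ' ' '\n' < "$cmdline" | grep -qxF 'loadpin.enforce=1'; then
        printf 'enforced\n'
        return 0
    fi

    printf 'permissive\n'
}

# Convenience wrapper for the live system; the paths are assumed defaults.
loadpin_state_live() {
    loadpin_state "/boot/config-$(uname -r)" /proc/cmdline
}

# Constructed sample inputs so the example runs offline: LoadPin built without
# compile-time enforcement, enabled on the command line instead.
demo_dir="$(mktemp -d)"
printf 'CONFIG_SECURITY=y\nCONFIG_SECURITY_LOADPIN=y\n# CONFIG_SECURITY_LOADPIN_ENFORCE is not set\n' \
    > "$demo_dir/config"
printf 'root=/dev/dm-0 ro loadpin.enforce=1 quiet\n' > "$demo_dir/cmdline"
loadpin_state "$demo_dir/config" "$demo_dir/cmdline"   # prints: enforced
rm -rf "$demo_dir"
```

Run `loadpin_state_live` on a host to get its classification; a `permissive` result on a system that was meant to rely on LoadPin means files from filesystems other than the pinned one are still accepted, which is the gap the ENFORCE option or the `loadpin.enforce=1` parameter closes.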