forge/linux-pinenote
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
linux-pinenote/Documentation/security
History
Kees Cook 9b091556a0 LSM: LoadPin for kernel file loading restrictions 
This LSM enforces that kernel-loaded files (modules, firmware, etc)
must all come from the same filesystem, with the expectation that
such a filesystem is backed by a read-only device such as dm-verity
or CDROM. This allows systems that have a verified and/or unchangeable
filesystem to enforce module and firmware loading restrictions without
needing to sign the files individually.

Signed-off-by: Kees Cook <keescook@chromium.org>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
2016-04-21 10:47:27 +10:00
..
00-INDEX ima: new templates management mechanism 2013-10-25 17:17:04 -04:00
apparmor.txt
credentials.txt Documentation: clarify the purpose of LSMs 2011-11-16 12:37:27 +11:00
IMA-templates.txt ima: added support for new kernel cmdline parameter ima_template_fmt 2014-10-13 08:39:02 -04:00
keys-ecryptfs.txt encrypted-keys: move ecryptfs documentation to proper location 2011-06-30 19:08:14 +10:00
keys-request-key.txt
keys-trusted-encrypted.txt keys, trusted: seal with a TPM2 authorization policy 2015-12-20 15:27:13 +02:00
keys.txt KEYS: Merge the type-specific data with the payload data 2015-10-21 15:18:36 +01:00
LoadPin.txt LSM: LoadPin for kernel file loading restrictions 2016-04-21 10:47:27 +10:00
LSM.txt doc: LSM: update reference, kerneltrap.org no longer works 2014-06-19 15:15:28 +02:00
SELinux.txt
Smack.txt Smack: limited capability for changing process label 2015-10-19 12:06:47 -07:00
tomoyo.txt
Yama.txt Yama: remove needless CONFIG_SECURITY_YAMA_STACKED 2015-07-28 13:18:19 +10:00