On Wed, 20 Apr 2016, Kees Cook wrote: > This provides the mini-LSM "loadpin" that intercepts the now consolidated > kernel_file_read LSM hook so that a system can keep all loads coming from > a single trusted filesystem. This is what Chrome OS uses to pin kernel > module and firmware loading to the read-only crypto-verified dm-verity > partition so that kernel module signing is not needed. >
Applied to git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git next -- James Morris <[email protected]> -- To unsubscribe from this list: send the line "unsubscribe linux-doc" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html
