On Tue, Apr 12, 2016 at 2:59 AM, James Morris <[email protected]> wrote: > On Wed, 6 Apr 2016, Kees Cook wrote: > >> This provides the mini-LSM "loadpin" that intercepts the now consolidated >> kernel_file_read LSM hook so that a system can keep all loads coming from >> a single trusted filesystem. This is what Chrome OS uses to pin kernel >> module and firmware loading to the read-only crypto-verified dm-verity >> partition so that kernel module signing is not needed. >> > > This all looks good to me, just waiting now for the const fix suggested by > Joe.
Okay, great, thanks! I've sent a v4 with the const change now. -Kees -- Kees Cook Chrome OS & Brillo Security
