Pin load of kernel files (modules, fw, etc) to one filesystem

modulename: loadpin.ko

configname: CONFIG_SECURITY_LOADPIN

Linux Kernel Configuration
└─>Security options
    └─>Pin load of kernel files (modules, fw, etc) to one filesystem

In the Linux kernel since version 4.1 (release date: 2015-06-21)

Any files read through the kernel file reading interface
(kernel modules, firmware, kexec images, security policy)
can be pinned to the first filesystem used for loading. When
enabled, any files that come from other filesystems will be
rejected. This is best used on systems without an initrd that
have a root filesystem backed by a read-only device such as
dm-verity or a CDROM.
