<?xml version="1.0"?>
<?xml-stylesheet type="text/xsl" href="/rss.xsl.xml"?>
<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/">
<channel>
    <title>Changes in Kconfig</title>
    <description></description>
    <language>en</language>
    <copyright>Copyright 2015</copyright>
    <generator>Java</generator>
<item>
        <title>d73ef9ec - loadpin: remove MODULE_COMPRESS_NONE as it is no longer supported</title>
        <link>http://172.16.0.5:8080/history/linux-6.15/security/loadpin/Kconfig#d73ef9ec</link>
        <description>loadpin: remove MODULE_COMPRESS_NONE as it is no longer supported

Updated the MODULE_COMPRESS_NONE with MODULE_COMPRESS as it was no longer
available from kernel modules. As MODULE_COMPRESS and MODULE_DECOMPRESS
depends on MODULES removing MODULES as well.

Fixes: c7ff693fa209 (&quot;module: Split modules_install compression and in-kernel decompression&quot;)
Signed-off-by: Arulpandiyan Vadivel &lt;arulpandiyan.vadivel@siemens.com&gt;
Link: https://lore.kernel.org/r/20250302103831.285381-1-arulpandiyan.vadivel@siemens.com
Signed-off-by: Kees Cook &lt;kees@kernel.org&gt;

            List of files:
            /linux-6.15/security/loadpin/Kconfig</description>
        <pubDate>Sun, 02 Mar 2025 10:38:31 +0000</pubDate>
        <dc:creator>Arulpandiyan Vadivel &lt;arulpandiyan.vadivel@siemens.com&gt;</dc:creator>
    </item>
<item>
        <title>ce0d73ef - loadpin: Prevent SECURITY_LOADPIN_ENFORCE=y without module decompression</title>
        <link>http://172.16.0.5:8080/history/linux-6.15/security/loadpin/Kconfig#ce0d73ef</link>
        <description>loadpin: Prevent SECURITY_LOADPIN_ENFORCE=y without module decompression

If modules are built compressed, and LoadPin is enforcing by default, we
must have in-kernel module decompression enabled (MODULE_DECOMPRESS).
Modules will fail to load without decompression built into the kernel
because they&apos;ll be blocked by LoadPin. Add a depends on clause to
prevent this combination.

Cc: Dmitry Torokhov &lt;dmitry.torokhov@gmail.com&gt;
Cc: Douglas Anderson &lt;dianders@chromium.org&gt;
Signed-off-by: Stephen Boyd &lt;swboyd@chromium.org&gt;
Link: https://lore.kernel.org/r/20240514224839.2526112-1-swboyd@chromium.org
Signed-off-by: Kees Cook &lt;keescook@chromium.org&gt;

            List of files:
            /linux-6.15/security/loadpin/Kconfig</description>
        <pubDate>Tue, 14 May 2024 22:48:38 +0000</pubDate>
        <dc:creator>Stephen Boyd &lt;swboyd@chromium.org&gt;</dc:creator>
    </item>
<item>
        <title>6e42aec7 - LoadPin: Require file with verity root digests to have a header</title>
        <link>http://172.16.0.5:8080/history/linux-6.15/security/loadpin/Kconfig#6e42aec7</link>
        <description>LoadPin: Require file with verity root digests to have a header

LoadPin expects the file with trusted verity root digests to be
an ASCII file with one digest (hex value) per line. A pinned
root could contain files that meet these format requirements,
even though the hex values don&apos;t represent trusted root
digests.

Add a new requirement to the file format which consists in
the first line containing a fixed string. This prevents
attackers from feeding files with an otherwise valid format
to LoadPin.

Suggested-by: Sarthak Kukreti &lt;sarthakkukreti@chromium.org&gt;
Signed-off-by: Matthias Kaehlcke &lt;mka@chromium.org&gt;
Signed-off-by: Kees Cook &lt;keescook@chromium.org&gt;
Link: https://lore.kernel.org/r/20220906181725.1.I3f51d1bb0014e5a5951be4ad3c5ad7c7ca1dfc32@changeid

            List of files:
            /linux-6.15/security/loadpin/Kconfig</description>
        <pubDate>Wed, 07 Sep 2022 01:18:12 +0000</pubDate>
        <dc:creator>Matthias Kaehlcke &lt;mka@chromium.org&gt;</dc:creator>
    </item>
<item>
        <title>aafc203b - LoadPin: Fix Kconfig doc about format of file with verity digests</title>
        <link>http://172.16.0.5:8080/history/linux-6.15/security/loadpin/Kconfig#aafc203b</link>
        <description>LoadPin: Fix Kconfig doc about format of file with verity digests

The doc for CONFIG_SECURITY_LOADPIN_VERITY says that the file with verity
digests must contain a comma separated list of digests. That was the case
at some stage of the development, but was changed during the review
process to one digest per line. Update the Kconfig doc accordingly.

Reported-by: Jae Hoon Kim &lt;kimjae@chromium.org&gt;
Signed-off-by: Matthias Kaehlcke &lt;mka@chromium.org&gt;
Fixes: 3f805f8cc23b (&quot;LoadPin: Enable loading from trusted dm-verity devices&quot;)
Cc: stable@vger.kernel.org
Signed-off-by: Kees Cook &lt;keescook@chromium.org&gt;
Link: https://lore.kernel.org/r/20220829174557.1.I5d202d1344212a3800d9828f936df6511eb2d0d1@changeid

            List of files:
            /linux-6.15/security/loadpin/Kconfig</description>
        <pubDate>Tue, 30 Aug 2022 00:46:10 +0000</pubDate>
        <dc:creator>Matthias Kaehlcke &lt;mka@chromium.org&gt;</dc:creator>
    </item>
<item>
        <title>3f805f8c - LoadPin: Enable loading from trusted dm-verity devices</title>
        <link>http://172.16.0.5:8080/history/linux-6.15/security/loadpin/Kconfig#3f805f8c</link>
        <description>LoadPin: Enable loading from trusted dm-verity devices

Extend LoadPin to allow loading of kernel files from trusted dm-verity [1]
devices.

This change adds the concept of trusted verity devices to LoadPin. LoadPin
maintains a list of root digests of verity devices it considers trusted.
Userspace can populate this list through an ioctl on the new LoadPin
securityfs entry &apos;dm-verity&apos;. The ioctl receives a file descriptor of
a file with verity digests as parameter. Verity reads the digests from
this file after confirming that the file is located on the pinned root.
The digest file must contain one digest per line. The list of trusted
digests can only be set up once, which is typically done at boot time.

When a kernel file is read LoadPin first checks (as usual) whether the file
is located on the pinned root, if so the file can be loaded. Otherwise, if
the verity extension is enabled, LoadPin determines whether the file is
located on a verity backed device and whether the root digest of that
device is in the list of trusted digests. The file can be loaded if the
verity device has a trusted root digest.

Background:

As of now LoadPin restricts loading of kernel files to a single pinned
filesystem, typically the rootfs. This works for many systems, however it
can result in a bloated rootfs (and OTA updates) on platforms where
multiple boards with different hardware configurations use the same rootfs
image. Especially when &apos;optional&apos; files are large it may be preferable to
download/install them only when they are actually needed by a given board.
Chrome OS uses Downloadable Content (DLC) [2] to deploy certain &apos;packages&apos;
at runtime. As an example a DLC package could contain firmware for a
peripheral that is not present on all boards. DLCs use dm-verity to verify
the integrity of the DLC content.

[1] https://www.kernel.org/doc/html/latest/admin-guide/device-mapper/verity.html
[2] https://chromium.googlesource.com/chromiumos/platform2/+/HEAD/dlcservice/docs/developer.md

Signed-off-by: Matthias Kaehlcke &lt;mka@chromium.org&gt;
Acked-by: Mike Snitzer &lt;snitzer@kernel.org&gt;
Link: https://lore.kernel.org/lkml/20220627083512.v7.2.I01c67af41d2f6525c6d023101671d7339a9bc8b5@changeid
Signed-off-by: Kees Cook &lt;keescook@chromium.org&gt;

            List of files:
            /linux-6.15/security/loadpin/Kconfig</description>
        <pubDate>Mon, 27 Jun 2022 15:35:25 +0000</pubDate>
        <dc:creator>Matthias Kaehlcke &lt;mka@chromium.org&gt;</dc:creator>
    </item>
<item>
        <title>ec8f24b7 - treewide: Add SPDX license identifier - Makefile/Kconfig</title>
        <link>http://172.16.0.5:8080/history/linux-6.15/security/loadpin/Kconfig#ec8f24b7</link>
        <description>treewide: Add SPDX license identifier - Makefile/Kconfig

Add SPDX license identifiers to all Make/Kconfig files which:

 - Have no license information of any form

These files fall under the project license, GPL v2 only. The resulting SPDX
license identifier is:

  GPL-2.0-only

Signed-off-by: Thomas Gleixner &lt;tglx@linutronix.de&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

            List of files:
            /linux-6.15/security/loadpin/Kconfig</description>
        <pubDate>Sun, 19 May 2019 12:07:45 +0000</pubDate>
        <dc:creator>Thomas Gleixner &lt;tglx@linutronix.de&gt;</dc:creator>
    </item>
<item>
        <title>13523bef - LoadPin: Rename boot param &quot;enabled&quot; to &quot;enforce&quot;</title>
        <link>http://172.16.0.5:8080/history/linux-6.15/security/loadpin/Kconfig#13523bef</link>
        <description>LoadPin: Rename boot param &quot;enabled&quot; to &quot;enforce&quot;

LoadPin&apos;s &quot;enabled&quot; setting is really about enforcement, not whether
or not the LSM is using LSM hooks. Instead, split this out so that LSM
enabling can be logically distinct from whether enforcement is happening
(for example, the pinning happens when the LSM is enabled, but the pin
is only checked when &quot;enforce&quot; is set). This allows LoadPin to continue
to operate sanely in test environments once LSM enable/disable is
centrally handled (i.e. we want LoadPin to be enabled separately from
its enforcement).

Signed-off-by: Kees Cook &lt;keescook@chromium.org&gt;
Reviewed-by: Casey Schaufler &lt;casey@schaufler-ca.com&gt;
Reviewed-by: John Johansen &lt;john.johansen@canonical.com&gt;

            List of files:
            /linux-6.15/security/loadpin/Kconfig</description>
        <pubDate>Mon, 24 Sep 2018 21:43:59 +0000</pubDate>
        <dc:creator>Kees Cook &lt;keescook@chromium.org&gt;</dc:creator>
    </item>
<item>
        <title>b937190c - LSM: LoadPin: provide enablement CONFIG</title>
        <link>http://172.16.0.5:8080/history/linux-6.15/security/loadpin/Kconfig#b937190c</link>
        <description>LSM: LoadPin: provide enablement CONFIG

Instead of being enabled by default when SECURITY_LOADPIN is selected,
provide an additional (default off) config to determine the boot time
behavior. As before, the &quot;loadpin.enabled=0/1&quot; kernel parameter remains
available.

Suggested-by: James Morris &lt;jmorris@namei.org&gt;
Signed-off-by: Kees Cook &lt;keescook@chromium.org&gt;
Signed-off-by: James Morris &lt;james.l.morris@oracle.com&gt;

            List of files:
            /linux-6.15/security/loadpin/Kconfig</description>
        <pubDate>Tue, 17 May 2016 08:45:52 +0000</pubDate>
        <dc:creator>Kees Cook &lt;keescook@chromium.org&gt;</dc:creator>
    </item>
<item>
        <title>9b091556 - LSM: LoadPin for kernel file loading restrictions</title>
        <link>http://172.16.0.5:8080/history/linux-6.15/security/loadpin/Kconfig#9b091556</link>
        <description>LSM: LoadPin for kernel file loading restrictions

This LSM enforces that kernel-loaded files (modules, firmware, etc)
must all come from the same filesystem, with the expectation that
such a filesystem is backed by a read-only device such as dm-verity
or CDROM. This allows systems that have a verified and/or unchangeable
filesystem to enforce module and firmware loading restrictions without
needing to sign the files individually.

Signed-off-by: Kees Cook &lt;keescook@chromium.org&gt;
Acked-by: Serge Hallyn &lt;serge.hallyn@canonical.com&gt;
Signed-off-by: James Morris &lt;james.l.morris@oracle.com&gt;

            List of files:
            /linux-6.15/security/loadpin/Kconfig</description>
        <pubDate>Wed, 20 Apr 2016 22:46:28 +0000</pubDate>
        <dc:creator>Kees Cook &lt;keescook@chromium.org&gt;</dc:creator>
    </item>
</channel>
</rss>
