[PATCH] loadpin: Prevent SECURITY_LOADPIN_ENFORCE=y without module decompression
Kees Cook
keescook at chromium.org
Tue May 14 22:52:13 UTC 2024
On Tue, 14 May 2024 15:48:38 -0700, Stephen Boyd wrote:
> If modules are built compressed, and LoadPin is enforcing by default, we
> must have in-kernel module decompression enabled (MODULE_DECOMPRESS).
> Modules will fail to load without decompression built into the kernel
> because they'll be blocked by LoadPin. Add a depends on clause to
> prevent this combination.
>
>
> [...]
Applied to for-next/hardening, thanks!
[1/1] loadpin: Prevent SECURITY_LOADPIN_ENFORCE=y without module decompression
https://git.kernel.org/kees/c/bc9316c14441
Take care,
--
Kees Cook
More information about the Linux-security-module-archive
mailing list