[PATCH] loadpin: Prevent SECURITY_LOADPIN_ENFORCE=y without module decompression

Kees Cook keescook at chromium.org
Tue May 14 22:52:13 UTC 2024


On Tue, 14 May 2024 15:48:38 -0700, Stephen Boyd wrote:
> If modules are built compressed, and LoadPin is enforcing by default, we
> must have in-kernel module decompression enabled (MODULE_DECOMPRESS).
> Modules will fail to load without decompression built into the kernel
> because they'll be blocked by LoadPin. Add a depends on clause to
> prevent this combination.
> 
> 
> [...]

Applied to for-next/hardening, thanks!

[1/1] loadpin: Prevent SECURITY_LOADPIN_ENFORCE=y without module decompression
      https://git.kernel.org/kees/c/bc9316c14441

Take care,

-- 
Kees Cook




More information about the Linux-security-module-archive mailing list