On Wed, 20 Apr 2016, Kees Cook wrote: > This provides the mini-LSM "loadpin" that intercepts the now consolidated > kernel_file_read LSM hook so that a system can keep all loads coming from > a single trusted filesystem. This is what Chrome OS uses to pin kernel > module and firmware loading to the read-only crypto-verified dm-verity > partition so that kernel module signing is not needed. >
Applied to git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git next -- James Morris <jmor...@namei.org>
