forked from ~ljy/RK356X_SDK_RELEASE

blame | history | patch | commit | commitdiff
hc
2023-12-11 1f93a7dfd1f8d5ff7a5c53246c7534fe2332d6f4 
 kernel/Documentation/admin-guide/LSM/LoadPin.rst
....@@ -19,3 +19,13 @@
1919 created to toggle pinning: ``/proc/sys/kernel/loadpin/enabled``. (Having
2020 a mutable filesystem means pinning is mutable too, but having the
2121 sysctl allows for easy testing on systems with a mutable filesystem.)
22
+
23
+It's also possible to exclude specific file types from LoadPin using kernel
24
+command line option "``loadpin.exclude``". By default, all files are
25
+included, but they can be excluded using kernel command line option such
26
+as "``loadpin.exclude=kernel-module,kexec-image``". This allows to use
27
+different mechanisms such as ``CONFIG_MODULE_SIG`` and
28
+``CONFIG_KEXEC_VERIFY_SIG`` to verify kernel module and kernel image while
29
+still use LoadPin to protect the integrity of other files kernel loads. The
30
+full list of valid file types can be found in ``kernel_read_file_str``
31
+defined in ``include/linux/fs.h``.