On Thu, 30 May 2019, Ke Wu wrote: > Linux kernel already provide MODULE_SIG and KEXEC_VERIFY_SIG to > make sure loaded kernel module and kernel image are trusted. This > patch adds a kernel command line option "loadpin.exclude" which > allows to exclude specific file types from LoadPin. This is useful > when people want to use different mechanisms to verify module and > kernel image while still use LoadPin to protect the integrity of > other files kernel loads. > > Signed-off-by: Ke Wu <mikewu@xxxxxxxxxx> > --- > Changelog since v1: > - Mark ignore_read_file_id with __ro_after_init. > - Mark parse_exclude() with __init. > - Use ARRAY_SIZE(ignore_read_file_id) instead of READING_MAX_ID. Looks good! Reviewed-by: James Morris <jamorris@xxxxxxxxxxxxxxxxxxx> -- James Morris <jmorris@xxxxxxxxx>
