On Fri, May 31, 2019 at 06:11:44AM +1000, James Morris wrote:
> On Thu, 30 May 2019, Ke Wu wrote:
>
> > Linux kernel already provide MODULE_SIG and KEXEC_VERIFY_SIG to
> > make sure loaded kernel module and kernel image are trusted. This
> > patch adds a kernel command line option "loadpin.exclude" which
> > allows to exclude specific file types from LoadPin. This is useful
> > when people want to use different mechanisms to verify module and
> > kernel image while still use LoadPin to protect the integrity of
> > other files kernel loads.
> >
> > Signed-off-by: Ke Wu <mikewu@xxxxxxxxxx>
> > ---
> > Changelog since v1:
> > - Mark ignore_read_file_id with __ro_after_init.
> > - Mark parse_exclude() with __init.
> > - Use ARRAY_SIZE(ignore_read_file_id) instead of READING_MAX_ID.
>
> Looks good!
>
> Reviewed-by: James Morris <jamorris@xxxxxxxxxxxxxxxxxxx>

Thanks! Applied to my for-next/loadpin branch at
git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git
and should be visible in linux-next in a few days.

--
Kees Cook