Thanks for pushing the patch!

On Thu, May 30, 2019 at 7:23 PM Kees Cook <keescook@xxxxxxxxxxxx> wrote:
>
> On Fri, May 31, 2019 at 06:11:44AM +1000, James Morris wrote:
> > On Thu, 30 May 2019, Ke Wu wrote:
> >
> > > Linux kernel already provides MODULE_SIG and KEXEC_VERIFY_SIG to
> > > make sure loaded kernel module and kernel image are trusted. This
> > > patch adds a kernel command line option "loadpin.exclude" which
> > > allows to exclude specific file types from LoadPin. This is useful
> > > when people want to use different mechanisms to verify module and
> > > kernel image while still using LoadPin to protect the integrity of
> > > other files kernel loads.
> > >
> > > Signed-off-by: Ke Wu <mikewu@xxxxxxxxxx>
> > > ---
> > > Changelog since v1:
> > > - Mark ignore_read_file_id with __ro_after_init.
> > > - Mark parse_exclude() with __init.
> > > - Use ARRAY_SIZE(ignore_read_file_id) instead of READING_MAX_ID.
> >
> > Looks good!
> >
> > Reviewed-by: James Morris <jamorris@xxxxxxxxxxxxxxxxxxx>
>
> Thanks! Applied to my for-next/loadpin branch at
> git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git
> and should be visible in linux-next in a few days.
>
> --
> Kees Cook

--
Ke Wu | Software Engineer | mikewu@xxxxxxxxxx | Google Inc.