1 files changed, 10 insertions, 0 deletions
diff --git a/security/loadpin/Kconfig b/security/loadpin/Kconfig
new file mode 100644
index 000000000000..c668ac4eda65
--- /dev/null
+++ b/security/loadpin/Kconfig
@@ -0,0 +1,10 @@
+config SECURITY_LOADPIN
+        bool "Pin load of kernel files (modules, fw, etc) to one filesystem"
+        depends on SECURITY && BLOCK
+        help
+          Any files read through the kernel file reading interface
+          (kernel modules, firmware, kexec images, security policy) will
+          be pinned to the first filesystem used for loading. Any files
+          that come from other filesystems will be rejected. This is best
+          used on systems without an initrd that have a root filesystem
+          backed by a read-only device such as dm-verity or a CDROM.

diff --git a/security/loadpin/Kconfig b/security/loadpin/Kconfig new file mode 100644 index 000000000000..c668ac4eda65 --- /dev/null +++ b/security/loadpin/Kconfig
@@ -0,0 +1,10 @@
	1	config SECURITY_LOADPIN
	2	bool "Pin load of kernel files (modules, fw, etc) to one filesystem"
	3	depends on SECURITY && BLOCK
	4	help
	5	Any files read through the kernel file reading interface
	6	(kernel modules, firmware, kexec images, security policy) will
	7	be pinned to the first filesystem used for loading. Any files
	8	that come from other filesystems will be rejected. This is best
	9	used on systems without an initrd that have a root filesystem
	10	backed by a read-only device such as dm-verity or a CDROM.