author | Linus Torvalds <torvalds@linux-foundation.org> | 2024-05-24 17:33:44 +0200 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2024-05-24 17:33:44 +0200 |
commit | b0a9ba13ffdb9591d468d84f26ec2cefdd7625b4 (patch) | |
tree | 1d07c5f00a65ffdc626079a5dcca9c031cfd8527 /security/loadpin | |
parent | Merge tag 'trace-tracefs-v6.10' of git://git.kernel.org/pub/scm/linux/kernel/... (diff) | |
parent | kunit/fortify: Fix memcmp() test to be amplitude agnostic (diff) | |

Merge tag 'hardening-v6.10-rc1-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux

Pull hardening fixes from Kees Cook:

- loadpin: Prevent SECURITY_LOADPIN_ENFORCE=y without module
  decompression (Stephen Boyd)
- ubsan: Restore dependency on ARCH_HAS_UBSAN
- kunit/fortify: Fix memcmp() test to be amplitude agnostic

* tag 'hardening-v6.10-rc1-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
  kunit/fortify: Fix memcmp() test to be amplitude agnostic
  ubsan: Restore dependency on ARCH_HAS_UBSAN
  loadpin: Prevent SECURITY_LOADPIN_ENFORCE=y without module decompression

Diffstat (limited to 'security/loadpin')
-rw-r--r-- | security/loadpin/Kconfig | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/security/loadpin/Kconfig b/security/loadpin/Kconfig index 6724eaba3d36..848f8b4a6019 100644 --- a/security/loadpin/Kconfig +++ b/security/loadpin/Kconfig @@ -14,6 +14,9 @@ config SECURITY_LOADPIN config SECURITY_LOADPIN_ENFORCE bool "Enforce LoadPin at boot" depends on SECURITY_LOADPIN + # Module compression breaks LoadPin unless modules are decompressed in + # the kernel. + depends on !MODULES || (MODULE_COMPRESS_NONE || MODULE_DECOMPRESS) help If selected, LoadPin will enforce pinning at boot. If not selected, it can be enabled at boot with the kernel parameter |
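
Review bot: The added `depends on !MODULES || (MODULE_COMPRESS_NONE || MODULE_DECOMPRESS)` sits only on SECURITY_LOADPIN_ENFORCE, but the help text directly below it still says that when the option is not selected enforcement "can be enabled at boot with the kernel parameter", so a build with compressed modules and no MODULE_DECOMPRESS can still end up enforcing at runtime. Either state in the help text that boot-time enforcement has the same requirement, or explain why the constraint belongs on the ENFORCE default alone. The help text also gives no hint of the new dependency, so the option simply disappears from the menu for such configs; one sentence naming MODULE_COMPRESS_NONE or MODULE_DECOMPRESS as the prerequisite would help. The comment says compression "breaks LoadPin" without saying how; a short clause on the failure mode would make the dependency easier to revisit later.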