summaryrefslogtreecommitdiffstats
path: root/security/loadpin
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2024-05-24 17:33:44 +0200
committerLinus Torvalds <torvalds@linux-foundation.org>2024-05-24 17:33:44 +0200
commitb0a9ba13ffdb9591d468d84f26ec2cefdd7625b4 (patch)
tree1d07c5f00a65ffdc626079a5dcca9c031cfd8527 /security/loadpin
parentMerge tag 'trace-tracefs-v6.10' of git://git.kernel.org/pub/scm/linux/kernel/... (diff)
parentkunit/fortify: Fix memcmp() test to be amplitude agnostic (diff)
downloadlinux-b0a9ba13ffdb9591d468d84f26ec2cefdd7625b4.tar.xz
linux-b0a9ba13ffdb9591d468d84f26ec2cefdd7625b4.zip
Merge tag 'hardening-v6.10-rc1-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux
Pull hardening fixes from Kees Cook: - loadpin: Prevent SECURITY_LOADPIN_ENFORCE=y without module decompression (Stephen Boyd) - ubsan: Restore dependency on ARCH_HAS_UBSAN - kunit/fortify: Fix memcmp() test to be amplitude agnostic * tag 'hardening-v6.10-rc1-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux: kunit/fortify: Fix memcmp() test to be amplitude agnostic ubsan: Restore dependency on ARCH_HAS_UBSAN loadpin: Prevent SECURITY_LOADPIN_ENFORCE=y without module decompression
Diffstat (limited to 'security/loadpin')
-rw-r--r--security/loadpin/Kconfig3
1 files changed, 3 insertions, 0 deletions
diff --git a/security/loadpin/Kconfig b/security/loadpin/Kconfig
index 6724eaba3d36..848f8b4a6019 100644
--- a/security/loadpin/Kconfig
+++ b/security/loadpin/Kconfig
@@ -14,6 +14,9 @@ config SECURITY_LOADPIN
config SECURITY_LOADPIN_ENFORCE
bool "Enforce LoadPin at boot"
depends on SECURITY_LOADPIN
+ # Module compression breaks LoadPin unless modules are decompressed in
+ # the kernel.
+ depends on !MODULES || (MODULE_COMPRESS_NONE || MODULE_DECOMPRESS)
help
If selected, LoadPin will enforce pinning at boot. If not
selected, it can be enabled at boot with the kernel parameter