linux-imx

    help

      Any files read through the kernel file reading interface

      (kernel modules, firmware, kexec images, security policy)

      can be pinned to the first filesystem used for loading. When

      enabled, any files that come from other filesystems will be

      rejected. This is best used on systems without an initrd that

      have a root filesystem backed by a read-only device such as

      dm-verity or a CDROM.

​

    bool "Enforce LoadPin at boot"

    depends on SECURITY_LOADPIN

    help

      If selected, LoadPin will enforce pinning at boot. If not

      selected, it can be enabled at boot with the kernel parameter