Skip to content
Commit af16df54 authored by Coiby Xu's avatar Coiby Xu Committed by Mimi Zohar
Browse files

ima: force signature verification when CONFIG_KEXEC_SIG is configured 

Currently, an unsigned kernel could be kexec'ed when IMA arch specific
policy is configured unless lockdown is enabled. Enforce kernel
signature verification check in the kexec_file_load syscall when IMA
arch specific policy is configured.

Fixes: 99d5cadf

 ("kexec_file: split KEXEC_VERIFY_SIG into KEXEC_SIG and KEXEC_SIG_FORCE")
Reported-and-suggested-by: default avatarMimi Zohar <zohar@linux.ibm.com>
Signed-off-by: default avatarCoiby Xu <coxu@redhat.com>
Signed-off-by: default avatarMimi Zohar <zohar@linux.ibm.com>
parent d2ee2cfc
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment