ima: based on policy require signed kexec kernel images (16c267aa) · Commits · Summer2022 / 22b970497

Commit 16c267aa authored 6 years ago by

Mimi Zohar Committed by James Morris 6 years ago

ima: based on policy require signed kexec kernel images

The original kexec_load syscall can not verify file signatures, nor can
the kexec image be measured.  Based on policy, deny the kexec_load
syscall.

Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Cc: Eric Biederman <ebiederm@xmission.com>
Cc: Kees Cook <keescook@chromium.org>
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: James Morris <james.morris@microsoft.com>

parent a210fd32

No related branches found

No related tags found

Hide whitespace changes

Inline Side-by-side

Showing with 43 additions and 1 deletion

Please register or to comment