Commit eb360267 authored by Coiby Xu's avatar Coiby Xu Committed by Greg Kroah-Hartman
Browse files

ima: force signature verification when CONFIG_KEXEC_SIG is configured 



[ Upstream commit af16df54 ]

Currently, an unsigned kernel could be kexec'ed when IMA arch specific
policy is configured unless lockdown is enabled. Enforce kernel
signature verification check in the kexec_file_load syscall when IMA
arch specific policy is configured.

Fixes: 99d5cadf ("kexec_file: split KEXEC_VERIFY_SIG into KEXEC_SIG and KEXEC_SIG_FORCE")
Reported-and-suggested-by: default avatarMimi Zohar <zohar@linux.ibm.com>
Signed-off-by: default avatarCoiby Xu <coxu@redhat.com>
Signed-off-by: default avatarMimi Zohar <zohar@linux.ibm.com>
Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
parent 29c6a632
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please to comment