averello/linux-stable-mirror
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2026-04-29 12:28:27 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
4302806dbfea3efe9909c00a8bfabdf9c07fc77f
linux-stable-mirror/kernel/kexec_file.c
T
Coiby Xu 2340428c90 ima: force signature verification when CONFIG_KEXEC_SIG is configured 
[ Upstream commit af16df54b8 ]

Currently, an unsigned kernel could be kexec'ed when IMA arch specific
policy is configured unless lockdown is enabled. Enforce kernel
signature verification check in the kexec_file_load syscall when IMA
arch specific policy is configured.

Fixes: 99d5cadfde ("kexec_file: split KEXEC_VERIFY_SIG into KEXEC_SIG and KEXEC_SIG_FORCE")
Reported-and-suggested-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Coiby Xu <coxu@redhat.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2022-07-21 21:24:29 +02:00

33 KiB
Raw Blame History

View Raw
Reference in New Issue View Git Blame Copy Permalink