averello/linux-stable-mirror
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2026-03-13 09:18:38 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
aa40d5a43526cca9439a2b45fcfdcd016594dece
linux-stable-mirror/include/linux/kexec.h
Coiby Xu af16df54b8 ima: force signature verification when CONFIG_KEXEC_SIG is configured 
Currently, an unsigned kernel could be kexec'ed when IMA arch specific
policy is configured unless lockdown is enabled. Enforce kernel
signature verification check in the kexec_file_load syscall when IMA
arch specific policy is configured.

Fixes: 99d5cadfde ("kexec_file: split KEXEC_VERIFY_SIG into KEXEC_SIG and KEXEC_SIG_FORCE")
Reported-and-suggested-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Coiby Xu <coxu@redhat.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
2022-07-13 10:13:41 -04:00

12 KiB
Raw Blame History

View Raw
Reference in New Issue View Git Blame Copy Permalink