[PATCH 08b/30] kexec_file: Restrict at runtime if the kernel is locked down

Jiri Bohac jbohac at suse.cz
Thu Jan 11 12:02:56 UTC 2018


When KEXEC_VERIFY_SIG is not enabled, kernel should not load images through
kexec_file systemcall if the kernel is locked down unless IMA can be used
to validate the image.

Signed-off-by: Jiri Bohac <jbohac at suse.cz>

diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c
--- a/kernel/kexec_file.c
+++ b/kernel/kexec_file.c
@@ -144,7 +144,13 @@ kimage_file_prepare_segments(struct kimage *image, int kernel_fd, int initrd_fd,
 		pr_debug("kernel signature verification successful.\n");
 #endif
 
-	if (sig_err && IS_ENABLED(CONFIG_KEXEC_SIG_FORCE)) {
+	/* Don't permit images to be loaded into trusted kernels without
+	 * a valid signature on them
+	 */
+	if (sig_err &&
+	    (IS_ENABLED(CONFIG_KEXEC_SIG_FORCE) ||
+	     (!is_ima_appraise_enabled() &&
+	      kernel_is_locked_down("kexec of unsigned images")))) {
 		ret = sig_err;
 		goto out;
 	}

-- 
Jiri Bohac <jbohac at suse.cz>
SUSE Labs, Prague, Czechia

--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html



More information about the Linux-security-module-archive mailing list