[PATCH v6 3/8] ima: based on policy require signed kexec kernel images
Kees Cook
keescook at chromium.org
Sun Jul 15 02:21:38 UTC 2018
On Fri, Jul 13, 2018 at 11:05 AM, Mimi Zohar <zohar at linux.vnet.ibm.com> wrote:
> The original kexec_load syscall can not verify file signatures, nor can
> the kexec image be measured. Based on policy, deny the kexec_load
> syscall.
>
> Signed-off-by: Mimi Zohar <zohar at linux.vnet.ibm.com>
> Cc: Eric Biederman <ebiederm at xmission.com>
> Cc: Kees Cook <keescook at chromium.org>
Reviewed-by: Kees Cook <keescook at chromium.org>
-Kees
--
Kees Cook
Pixel Security
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
More information about the Linux-security-module-archive
mailing list