[PATCH v6 3/8] ima: based on policy require signed kexec kernel images

Kees Cook keescook at chromium.org
Sun Jul 15 02:21:38 UTC 2018


On Fri, Jul 13, 2018 at 11:05 AM, Mimi Zohar <zohar at linux.vnet.ibm.com> wrote:
> The original kexec_load syscall can not verify file signatures, nor can
> the kexec image be measured.  Based on policy, deny the kexec_load
> syscall.
>
> Signed-off-by: Mimi Zohar <zohar at linux.vnet.ibm.com>
> Cc: Eric Biederman <ebiederm at xmission.com>
> Cc: Kees Cook <keescook at chromium.org>

Reviewed-by: Kees Cook <keescook at chromium.org>

-Kees

-- 
Kees Cook
Pixel Security
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html



More information about the Linux-security-module-archive mailing list