[PATCH 2/3] scripts/ima: define a set of common functions

Mimi Zohar zohar at linux.ibm.com
Thu Feb 28 15:05:43 UTC 2019


Hi Dave,

On Thu, 2019-02-28 at 21:41 +0800, Dave Young wrote:
> Hi Mimi,
>  
> Sorry for jumping in late, just noticed this kexec selftests, I think we
> also need a kexec load test not only for ima, but for general kexec

The IMA kselftest tests are for the coordination between the different
methods of verifying file signatures.  In particular, for the kexec
kernel image and kernel module signatures.

The initial IMA kselftest just verifies that in an environment
requiring signed kexec kernel images, the kexec_load syscall fails. 

This week I posted additional IMA kselftests[1][2], including one for
the kexec_file_load syscall.  I would really appreciate these
kselftests being reviewed/acked.

Mimi

[1] Subject: [PATCH v2 0/5] selftests/ima: add kexec and kernel module tests
[2] Patches available from the "next-queued-testing" branch
https://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git/



More information about the Linux-security-module-archive mailing list