ima: force signature verification when CONFIG_KEXEC_SIG is configured
[linux-2.6-microblaze.git] / security / integrity / ima / ima_efi.c
index 71786d0..9db66fe 100644 (file)
@@ -67,6 +67,8 @@ const char * const *arch_get_ima_policy(void)
        if (IS_ENABLED(CONFIG_IMA_ARCH_POLICY) && arch_ima_get_secureboot()) {
                if (IS_ENABLED(CONFIG_MODULE_SIG))
                        set_module_sig_enforced();
+               if (IS_ENABLED(CONFIG_KEXEC_SIG))
+                       set_kexec_sig_enforced();
                return sb_arch_rules;
        }
        return NULL;
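Review bot: The added call to set_kexec_sig_enforced() is a side effect inside a getter, and it runs only under the outer `IS_ENABLED(CONFIG_IMA_ARCH_POLICY) && arch_ima_get_secureboot()` test, so a secure-boot kernel built with CONFIG_KEXEC_SIG but without CONFIG_IMA_ARCH_POLICY gets no enforcement from this path. A comment above the new lines would record that, for example `/* secure boot: kexec image signatures become mandatory; only reached with CONFIG_IMA_ARCH_POLICY */`. Because `IS_ENABLED()` is an ordinary C condition rather than a preprocessor guard, set_kexec_sig_enforced() still needs a visible declaration (presumably an empty stub) when CONFIG_KEXEC_SIG is off; that header is not part of this hunk, so it should be confirmed. The body of arch_get_ima_policy() begins and ends outside the hunk.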