projects / linux-2.6-microblaze.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: a210fd3) | patch
ima: based on policy require signed kexec kernel images
authorMimi Zohar <zohar@linux.vnet.ibm.com>
Fri, 13 Jul 2018 18:05:58 +0000 (14:05 -0400)
committerJames Morris <james.morris@microsoft.com>
Mon, 16 Jul 2018 19:31:57 +0000 (12:31 -0700)
commit16c267aac86b463b1fcccd43c89f4c8e5c5c86fa
tree550e6fcb00d732a3c018b3258302f8ffd61a4379tree | snapshot
parenta210fd32a46bae6d05b43860fe3b47732501d63bcommit | diff
ima: based on policy require signed kexec kernel images

The original kexec_load syscall can not verify file signatures, nor can
the kexec image be measured.  Based on policy, deny the kexec_load
syscall.

Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Cc: Eric Biederman <ebiederm@xmission.com>
Cc: Kees Cook <keescook@chromium.org>
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: James Morris <james.morris@microsoft.com>
include/linux/ima.h diff | blob | history
security/integrity/ima/ima.h diff | blob | history
security/integrity/ima/ima_main.c diff | blob | history
security/integrity/ima/ima_policy.c diff | blob | history
security/security.c diff | blob | history
MicroBlaze GIT Repository