mirror of
https://github.com/edk2-porting/linux-next.git
synced 2025-01-10 06:34:17 +08:00
99d5cadfde
This is a preparatory patch for kexec_file_load() lockdown. A locked down kernel needs to prevent unsigned kernel images from being loaded with kexec_file_load(). Currently, the only way to force the signature verification is compiling with KEXEC_VERIFY_SIG. This prevents loading usigned images even when the kernel is not locked down at runtime. This patch splits KEXEC_VERIFY_SIG into KEXEC_SIG and KEXEC_SIG_FORCE. Analogous to the MODULE_SIG and MODULE_SIG_FORCE for modules, KEXEC_SIG turns on the signature verification but allows unsigned images to be loaded. KEXEC_SIG_FORCE disallows images without a valid signature. Signed-off-by: Jiri Bohac <jbohac@suse.cz> Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: Matthew Garrett <mjg59@google.com> cc: kexec@lists.infradead.org Signed-off-by: James Morris <jmorris@namei.org> |
||
|---|---|---|
| .. | ||
| ima_api.c | ||
| ima_appraise.c | ||
| ima_crypto.c | ||
| ima_fs.c | ||
| ima_init.c | ||
| ima_kexec.c | ||
| ima_main.c | ||
| ima_mok.c | ||
| ima_policy.c | ||
| ima_queue.c | ||
| ima_template_lib.c | ||
| ima_template_lib.h | ||
| ima_template.c | ||
| ima.h | ||
| Kconfig | ||
| Makefile | ||