Kernel/linux
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2025-01-01 10:43:43 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
af16df54b8
linux/security/integrity
History
Coiby Xu af16df54b8 ima: force signature verification when CONFIG_KEXEC_SIG is configured 
Currently, an unsigned kernel could be kexec'ed when IMA arch specific
policy is configured unless lockdown is enabled. Enforce kernel
signature verification check in the kexec_file_load syscall when IMA
arch specific policy is configured.

Fixes: 99d5cadfde ("kexec_file: split KEXEC_VERIFY_SIG into KEXEC_SIG and KEXEC_SIG_FORCE")
Reported-and-suggested-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Coiby Xu <coxu@redhat.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
2022-07-13 10:13:41 -04:00
..
evm Revert "evm: Fix memleak in init_desc" 2022-06-15 14:03:47 -04:00
ima ima: force signature verification when CONFIG_KEXEC_SIG is configured 2022-07-13 10:13:41 -04:00
platform_certs integrity-v5.19 2022-05-24 13:50:39 -07:00
digsig_asymmetric.c ima: fix reference leak in asymmetric_verify() 2022-01-24 18:37:36 -05:00
digsig.c ima: support fs-verity file digest based version 3 signatures 2022-05-05 17:41:51 -04:00
iint.c evm: Load EVM key in ima_load_x509() to avoid appraisal 2021-05-21 12:47:04 -04:00
integrity_audit.c integrity: check the return value of audit_log_start() 2022-02-02 11:44:23 -05:00
integrity.h ima: support fs-verity file digest based version 3 signatures 2022-05-05 17:41:51 -04:00
Kconfig integrity: Introduce a Linux keyring called machine 2022-03-08 13:55:52 +02:00
Makefile integrity: Introduce a Linux keyring called machine 2022-03-08 13:55:52 +02:00