• Matthew Garrett's avatar
    kexec: Allow kexec_file() with appropriate IMA policy when locked down · 29d3c1c8
    Matthew Garrett authored
    Systems in lockdown mode should block the kexec of untrusted kernels.
    For x86 and ARM we can ensure that a kernel is trustworthy by validating
    a PE signature, but this isn't possible on other architectures. On those
    platforms we can use IMA digital signatures instead. Add a function to
    determine whether IMA has or will verify signatures for a given event type,
    and if so permit kexec_file() even if the kernel is otherwise locked down.
    This is restricted to cases where CONFIG_INTEGRITY_TRUSTED_KEYRING is set
    in order to prevent an attacker from loading additional keys at runtime.
    Signed-off-by: default avatarMatthew Garrett <mjg59@google.com>
    Acked-by: default avatarMimi Zohar <zohar@linux.ibm.com>
    Cc: Dmitry Kasatkin <dmitry.kasatkin@gmail.com>
    Cc: linux-integrity@vger.kernel.org
    Signed-off-by: default avatarJames Morris <jmorris@namei.org>
    29d3c1c8
kexec_file.c 32.9 KB