diff options
| author | Coiby Xu <coxu@redhat.com> | 2022-07-13 15:21:11 +0800 |
|---|---|---|
| committer | Mimi Zohar <zohar@linux.ibm.com> | 2022-07-13 10:13:41 -0400 |
| commit | af16df54b89dee72df253abc5e7b5e8a6d16c11c (patch) | |
| tree | d236aeb2c9b99d9e452b6382f016d3e1bc92fc8f /kernel/kexec_file.c | |
| parent | d2ee2cfc4aa85ff6a2a3b198a3a524ec54e3d999 (diff) | |
| download | linux-af16df54b89dee72df253abc5e7b5e8a6d16c11c.tar.gz linux-af16df54b89dee72df253abc5e7b5e8a6d16c11c.tar.bz2 linux-af16df54b89dee72df253abc5e7b5e8a6d16c11c.zip | |
ima: force signature verification when CONFIG_KEXEC_SIG is configured
Currently, an unsigned kernel could be kexec'ed when IMA arch specific
policy is configured unless lockdown is enabled. Enforce kernel
signature verification check in the kexec_file_load syscall when IMA
arch specific policy is configured.
Fixes: 99d5cadfde2b ("kexec_file: split KEXEC_VERIFY_SIG into KEXEC_SIG and KEXEC_SIG_FORCE")
Reported-and-suggested-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Coiby Xu <coxu@redhat.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Diffstat (limited to 'kernel/kexec_file.c')
| -rw-r--r-- | kernel/kexec_file.c | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c index 145321a5e798..f9261c07b048 100644 --- a/kernel/kexec_file.c +++ b/kernel/kexec_file.c @@ -29,6 +29,15 @@ #include <linux/vmalloc.h> #include "kexec_internal.h" +#ifdef CONFIG_KEXEC_SIG +static bool sig_enforce = IS_ENABLED(CONFIG_KEXEC_SIG_FORCE); + +void set_kexec_sig_enforced(void) +{ + sig_enforce = true; +} +#endif + static int kexec_calculate_store_digests(struct kimage *image); /* @@ -159,7 +168,7 @@ kimage_validate_signature(struct kimage *image) image->kernel_buf_len); if (ret) { - if (IS_ENABLED(CONFIG_KEXEC_SIG_FORCE)) { + if (sig_enforce) { pr_notice("Enforced kernel signature verification failed (%d).\n", ret); return ret; } |