GitHub-Mirror/Star64_linux
2
0
Fork 0
mirror of https://github.com/Fishwaldo/Star64_linux.git synced 2025-07-22 23:04:43 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

s390/kexec_file: Disable kexec_load when IPLed secure

Browse source 
A kernel loaded via kexec_load cannot be verified. Thus disable kexec_load
systemcall in kernels which where IPLed securely. Use the IMA mechanism to
do so.

Signed-off-by: Philipp Rudo <prudo@linux.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
This commit is contained in:
Philipp Rudo 2019-03-26 15:45:53 +01:00 committed by Martin Schwidefsky
parent 99feaa717e
commit 268a784049
3 changed files with 17 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
include/linux/ima.h
View file

@ -31,7 +31,7 @@ extern void ima_post_path_mknod(struct dentry *dentry);
extern void ima_add_kexec_buffer(struct kimage *image);
#endif
#if defined(CONFIG_X86) && defined(CONFIG_EFI)
#if (defined(CONFIG_X86) && defined(CONFIG_EFI)) || defined(CONFIG_S390)
extern bool arch_ima_get_secureboot(void);
extern const char * const *arch_get_ima_policy(void);
#else