• Jiri Bohac's avatar
    kexec_file: split KEXEC_VERIFY_SIG into KEXEC_SIG and KEXEC_SIG_FORCE · 99d5cadf
    Jiri Bohac authored
    This is a preparatory patch for kexec_file_load() lockdown.  A locked down
    kernel needs to prevent unsigned kernel images from being loaded with
    kexec_file_load().  Currently, the only way to force the signature
    verification is compiling with KEXEC_VERIFY_SIG.  This prevents loading
    usigned images even when the kernel is not locked down at runtime.
    
    This patch splits KEXEC_VERIFY_SIG into KEXEC_SIG and KEXEC_SIG_FORCE.
    Analogous to the MODULE_SIG and MODULE_SIG_FORCE for modules, KEXEC_SIG
    turns on the signature verification but allows unsigned images to be
    loaded.  KEXEC_SIG_FORCE disallows images without a valid signature.
    Signed-off-by: default avatarJiri Bohac <jbohac@suse.cz>
    Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
    Signed-off-by: default avatarMatthew Garrett <mjg59@google.com>
    cc: kexec@lists.infradead.org
    Signed-off-by: default avatarJames Morris <jmorris@namei.org>
    99d5cadf
Kconfig 27.4 KB