Hi Mimi, all,

> On Wed, 2026-01-07 at 16:57 +0100, Petr Vorel wrote:
> > CONFIG_HAVE_IMA_KEXEC=y is enough for test, ie. test is working with:
> > # CONFIG_IMA_KEXEC is not set
> > CONFIG_HAVE_IMA_KEXEC=y
> > Probably obvious as CONFIG_HAVE_IMA_KEXEC is arch specific and
> > CONFIG_IMA_KEXEC is "TPM PCRs are only reset on a hard reboot."
> > and ima_kexec.c requires CONFIG_HAVE_IMA_KEXEC (only parts are skipped
> > when CONFIG_IMA_KEXEC not set) but better to clarify for users.
> > Signed-off-by: Petr Vorel <[email protected]>
> > ---
> > testcases/kernel/security/integrity/ima/tests/ima_kexec.sh | 3 +++
> > 1 file changed, 3 insertions(+)
> > diff --git a/testcases/kernel/security/integrity/ima/tests/ima_kexec.sh
> > b/testcases/kernel/security/integrity/ima/tests/ima_kexec.sh
> > index 7688690af2..de595fcdd7 100755
> > --- a/testcases/kernel/security/integrity/ima/tests/ima_kexec.sh
> > +++ b/testcases/kernel/security/integrity/ima/tests/ima_kexec.sh
> > @@ -6,8 +6,11 @@
> > # Verify that kexec cmdline is measured correctly.
> > # Test attempts to kexec the existing running kernel image.
> > +#
> > # To kexec a different kernel image export IMA_KEXEC_IMAGE=<pathname>.
> > # Test requires example IMA policy loadable with LTP_IMA_LOAD_POLICY=1.
> > +#
> > +# Test requires CONFIG_HAVE_IMA_KEXEC=y (CONFIG_IMA_KEXEC is not
> > mandatory).

> Correct. The test verifies that the kernel image is measured. It does not
> execute the kexec, so there is no need for carrying the IMA measurement list
> across kexec (CONFIG_IMA_KEXEC).

Thanks for having a look! I merged with your RBT (as we discussed).

Kind regards,
Petr

> > TST_NEEDS_CMDS="grep kexec sed"
> > TST_CNT=3
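
Review bot: the new header line "+# Test requires CONFIG_HAVE_IMA_KEXEC=y (CONFIG_IMA_KEXEC is not mandatory)." says what is required but not why CONFIG_IMA_KEXEC can be left unset. The reason given in the reply (the test only verifies that the kernel image is measured and does not execute the kexec, so carrying the IMA measurement list across kexec is not needed) would fit in one extra comment line and save readers from digging through the commit message. Separately, in this hunk the requirement exists only as a comment, while TST_NEEDS_CMDS just below is declared to the framework. If the script does not already check the option outside the visible lines, declaring it the same way (LTP's TST_NEEDS_KCONFIGS) would make the test report TCONF on kernels built without CONFIG_HAVE_IMA_KEXEC instead of relying on users reading the header.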
