When KEXEC_VERIFY_SIG is not enabled, kernel should not load images through
kexec_file systemcall if the kernel is locked down unless IMA can be used
to validate the image.
Signed-off-by: Jiri Bohac <jbo...@suse.cz>
diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c
--- a/kernel/kexec_file.c
+++ b/kernel/kexec_file.c
@@ -144,7 +144,13 @@ kimage_file_prepare_segments(struct kimage *image, int
kernel_fd, int initrd_fd,
pr_debug("kernel signature verification successful.\n");
#endif
- if (sig_err && IS_ENABLED(CONFIG_KEXEC_SIG_FORCE)) {
+ /* Don't permit images to be loaded into trusted kernels without
+ * a valid signature on them
+ */
+ if (sig_err &&
+ (IS_ENABLED(CONFIG_KEXEC_SIG_FORCE) ||
+ (!is_ima_appraise_enabled() &&
+ kernel_is_locked_down("kexec of unsigned images")))) {
ret = sig_err;
goto out;
}
--
Jiri Bohac <jbo...@suse.cz>
SUSE Labs, Prague, Czechia
