Hi,

sorry for replying to such an old thread.

On Thu, Nov 09, 2017 at 05:31:38PM +0000, David Howells wrote:
> When KEXEC_VERIFY_SIG is not enabled, kernel should not load images through
> kexec_file systemcall if the kernel is locked down unless IMA can be used
> to validate the image.

I don't like the idea that the lockdown (which is a runtime thing)
requires a compile time option (KEXEC_VERIFY_SIG) that forces the
verification even when the kernel is then not locked down at runtime.

Distribution kernels will then have KEXEC_VERIFY_SIG on and
everyone will need signed kexec images even when totally
uninterested in secureboot.

So instead of this patch, I propose the two followup patches that
split KEXEC_VERIFY_SIG into KEXEC_SIG and KEXEC_SIG_FORCE just as
we have with modules:

[PATCH 08a/30] kexec_file: split KEXEC_VERIFY_SIG into KEXEC_SIG and KEXEC_SIG_FORCE
[PATCH 08b/30] kexec_file: Restrict at runtime if the kernel is locked down

Lockdown would not require KEXEC_SIG_FORCE but when enabled it
would check the signature.

Thanks,

-- 
Jiri Bohac <jbohac@xxxxxxx>
SUSE Labs, Prague, Czechia
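
Added example, not part of the message above or of the proposed patches: a user-space C model of the load decision the message argues for, with signature checking compiled in (KEXEC_SIG) but enforced only by KEXEC_SIG_FORCE or by runtime lockdown. The struct, enum and function names are hypothetical. Rejecting a present-but-invalid signature even when nothing requires one is an assumption taken from how module signatures behave, and the IMA path mentioned in the quoted text is not modelled.

```c
/* Illustrative model only; this is not kernel code. */
#include <stdbool.h>
#include <stdio.h>

enum sig_state { SIG_MISSING, SIG_INVALID, SIG_VALID };

struct kexec_cfg {
    bool sig;        /* models CONFIG_KEXEC_SIG: verification code is built in */
    bool sig_force;  /* models CONFIG_KEXEC_SIG_FORCE: a signature is always required */
};

/* Constructed sample configurations. */
static const struct kexec_cfg CFG_NONE   = { false, false };
static const struct kexec_cfg CFG_DISTRO = { true,  false };
static const struct kexec_cfg CFG_FORCED = { true,  true  };

/* Returns true if the image may be loaded through kexec_file in this model. */
static bool kexec_file_allowed(struct kexec_cfg cfg, bool locked_down,
                               enum sig_state sig)
{
    /* A signature is demanded by the build option or by runtime lockdown. */
    bool required = cfg.sig_force || locked_down;

    if (!cfg.sig)            /* no verifier built in: nothing can be checked, */
        return !required;    /* so a locked-down kernel has to refuse */
    if (sig == SIG_VALID)
        return true;
    if (sig == SIG_INVALID)  /* assumption: a bad signature is always fatal */
        return false;
    return !required;        /* unsigned image: fine unless a signature is required */
}

int main(void)
{
    static const char *names[] = { "missing", "invalid", "valid" };

    /* Print the matrix for a distribution-style build (KEXEC_SIG=y, no FORCE). */
    for (int locked = 0; locked <= 1; locked++)
        for (int s = SIG_MISSING; s <= SIG_VALID; s++)
            printf("locked_down=%d sig=%-7s -> %s\n", locked, names[s],
                   kexec_file_allowed(CFG_DISTRO, locked, (enum sig_state)s)
                       ? "load" : "refuse");
    return 0;
}
```

The CFG_DISTRO rows show the point of the split: unsigned images still load on a kernel that is not locked down, while the same binary refuses them once lockdown is active.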