On Mon, 2018-07-02 at 11:31 -0700, J Freyensee wrote:
>
> On 7/2/18 7:37 AM, Mimi Zohar wrote:
> > The original kexec_load syscall can not verify file signatures, nor can
> > the kexec image be measured. Based on policy, deny the kexec_load
> > syscall.
> >
>
> Curiosity question: I thought kexec_load() syscall was used to load a
> crashdump?

kexec is used to collect the memory used to analyze the crash dump.

> If this is true, how would this work if kexec_load() is
> being denied? I don't think I'd want to be hindered in cases where I'm
> trying to diagnose a crash.

For trusted & secure boot, we need a full measurement list and signature
chain of trust rooted in HW. Permitting kexec_load would break these
chains of trust.

Permitting/denying kexec_load is based on a runtime IMA policy. Patch 6/8
"ima: add build time policy", in this patch set, introduces the concept
of a build time policy. With these patches, you could configure your
kernel and/or load an IMA policy permitting kexec_load.

Mimi