On Fri, Jul 13, 2018 at 11:05 AM, Mimi Zohar <zohar@xxxxxxxxxxxxxxxxxx> wrote: > The original kexec_load syscall can not verify file signatures, nor can > the kexec image be measured. Based on policy, deny the kexec_load > syscall. > > Signed-off-by: Mimi Zohar <zohar@xxxxxxxxxxxxxxxxxx> > Cc: Eric Biederman <ebiederm@xxxxxxxxxxxx> > Cc: Kees Cook <keescook@xxxxxxxxxxxx> Reviewed-by: Kees Cook <keescook@xxxxxxxxxxxx> -Kees -- Kees Cook Pixel Security