In addition to the PE/COFF and IMA xattr signatures, the kexec kernel
image can be signed with an appended signature, using the same
scripts/sign-file tool that is used to sign kernel modules.
This patch adds support for detecting a kernel image signed with an
appended signature and updates the existing test messages
appropriately.
Reviewed-by: Petr Vorel <pvorel@suse.cz>
Acked-by: Shuah Khan <skhan@linuxfoundation.org>
Reviewed-by: Thiago Jung Bauermann <bauerman@linux.ibm.com>
Reviewed-by: Jordan Hand <jorhand@linux.microsoft.com> (x86_64 QEMU)
Tested-by: Jordan Hand <jorhand@linux.microsoft.com> (x86_64 QEMU)
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Skip the kexec_load and kexec_file_load tests, if they aren't configured
in the kernel. This change adds a new requirement that ikconfig is
configured in the kexec_load test.
Suggested-by: Dave Young <dyoung@redhat.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Reviewed-by: Petr Vorel <pvorel@suse.cz>
Signed-off-by: Shuah Khan <skhan@linuxfoundation.org>
The kernel can be configured to verify PE signed kernel images, IMA
kernel image signatures, both types of signatures, or none. This test
verifies only properly signed kernel images are loaded into memory,
based on the kernel configuration and runtime policies.
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Reviewed-by: Petr Vorel <pvorel@suse.cz>
Signed-off-by: Shuah Khan <skhan@linuxfoundation.org>
Mimi Zohar