linux

iv/linux

Fork 0

Commit Graph

Author	SHA1	Message	Date
Mimi Zohar	cbc0425d3d	sefltest/ima: support appended signatures (modsig) In addition to the PE/COFF and IMA xattr signatures, the kexec kernel image can be signed with an appended signature, using the same scripts/sign-file tool that is used to sign kernel modules. This patch adds support for detecting a kernel image signed with an appended signature and updates the existing test messages appropriately. Reviewed-by: Petr Vorel <pvorel@suse.cz> Acked-by: Shuah Khan <skhan@linuxfoundation.org> Reviewed-by: Thiago Jung Bauermann <bauerman@linux.ibm.com> Reviewed-by: Jordan Hand <jorhand@linux.microsoft.com> (x86_64 QEMU) Tested-by: Jordan Hand <jorhand@linux.microsoft.com> (x86_64 QEMU) Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>	2019-08-29 12:45:30 -04:00
Mimi Zohar	7cea0b9227	selftests/kexec: check kexec_load and kexec_file_load are enabled Skip the kexec_load and kexec_file_load tests, if they aren't configured in the kernel. This change adds a new requirement that ikconfig is configured in the kexec_load test. Suggested-by: Dave Young <dyoung@redhat.com> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com> Reviewed-by: Petr Vorel <pvorel@suse.cz> Signed-off-by: Shuah Khan <skhan@linuxfoundation.org>	2019-04-17 15:32:34 -06:00
Mimi Zohar	973b71c60f	selftests/kexec: kexec_file_load syscall test The kernel can be configured to verify PE signed kernel images, IMA kernel image signatures, both types of signatures, or none. This test verifies only properly signed kernel images are loaded into memory, based on the kernel configuration and runtime policies. Signed-off-by: Mimi Zohar <zohar@linux.ibm.com> Reviewed-by: Petr Vorel <pvorel@suse.cz> Signed-off-by: Shuah Khan <skhan@linuxfoundation.org>	2019-04-17 15:32:24 -06:00

Author

SHA1

Message

Date

Mimi Zohar

cbc0425d3d

sefltest/ima: support appended signatures (modsig)

In addition to the PE/COFF and IMA xattr signatures, the kexec kernel
image can be signed with an appended signature, using the same
scripts/sign-file tool that is used to sign kernel modules.

This patch adds support for detecting a kernel image signed with an
appended signature and updates the existing test messages
appropriately.

Reviewed-by: Petr Vorel <pvorel@suse.cz>
Acked-by: Shuah Khan <skhan@linuxfoundation.org>
Reviewed-by: Thiago Jung Bauermann <bauerman@linux.ibm.com>
Reviewed-by: Jordan Hand <jorhand@linux.microsoft.com> (x86_64 QEMU)
Tested-by: Jordan Hand <jorhand@linux.microsoft.com> (x86_64 QEMU)
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>

2019-08-29 12:45:30 -04:00

Mimi Zohar

7cea0b9227

selftests/kexec: check kexec_load and kexec_file_load are enabled

Skip the kexec_load and kexec_file_load tests, if they aren't configured
in the kernel.  This change adds a new requirement that ikconfig is
configured in the kexec_load test.

Suggested-by: Dave Young <dyoung@redhat.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Reviewed-by: Petr Vorel <pvorel@suse.cz>
Signed-off-by: Shuah Khan <skhan@linuxfoundation.org>

2019-04-17 15:32:34 -06:00

Mimi Zohar

973b71c60f

selftests/kexec: kexec_file_load syscall test

The kernel can be configured to verify PE signed kernel images, IMA
kernel image signatures, both types of signatures, or none.  This test
verifies only properly signed kernel images are loaded into memory,
based on the kernel configuration and runtime policies.

Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Reviewed-by: Petr Vorel <pvorel@suse.cz>
Signed-off-by: Shuah Khan <skhan@linuxfoundation.org>

2019-04-17 15:32:24 -06:00

3 Commits