Verify kernel signature during kexec_file_load() syscall
configname: CONFIG_KEXEC_VERIFY_SIG
Linux Kernel Configuration
└─>Processor type and features
└─>Verify kernel signature during kexec_file_load() syscall
In linux kernel since version 3.10 (release Date: 2013-06-30)
This option makes kernel signature verification mandatory for
kexec_file_load() syscall. If kernel is signature can not be
verified, kexec_file_load() will fail.
This option enforces signature verification at generic level.
One needs to enable signature verification for type of kernel
image being loaded to make sure it works. For example, enable
bzImage signature verification option to be able to load and
verify signatures of bzImage. Otherwise kernel loading will fail.
kexec_file_load() syscall. If kernel is signature can not be
verified, kexec_file_load() will fail.
This option enforces signature verification at generic level.
One needs to enable signature verification for type of kernel
image being loaded to make sure it works. For example, enable
bzImage signature verification option to be able to load and
verify signatures of bzImage. Otherwise kernel loading will fail.