Appraise kexec kernel image signatures
configname: CONFIG_IMA_APPRAISE_REQUIRE_KEXEC_SIGS
Linux Kernel Configuration
└─>Security options
└─>Appraise kexec kernel image signatures
In linux kernel since version 3.10 (release Date: 2013-06-30)
Enabling this rule will require all kexec'ed kernel images to
be signed and verified by a public key on the trusted IMA
keyring.
Kernel image signatures can not be verified by the original
kexec_load syscall. Enabling this rule will prevent its
usage.
be signed and verified by a public key on the trusted IMA
keyring.
Kernel image signatures can not be verified by the original
kexec_load syscall. Enabling this rule will prevent its
usage.