Enable carrying the IMA measurement list across a soft boot
configname: CONFIG_IMA_KEXEC
Linux Kernel Configuration
└─>Security options
└─>Enable carrying the IMA measurement list across a soft boot
In linux kernel since version 4.1 (release Date: 2015-06-21)
TPM PCRs are only reset on a hard reboot. In order to validate
a TPM's quote after a soft boot, the IMA measurement list of the
running kernel must be saved and restored on boot.
Depending on the IMA policy, the measurement list can grow to
be very large.
a TPM's quote after a soft boot, the IMA measurement list of the
running kernel must be saved and restored on boot.
Depending on the IMA policy, the measurement list can grow to
be very large.