kexec: Allow kexec_file() with appropriate IMA policy when locked down

Systems in lockdown mode should block the kexec of untrusted kernels. For x86 and ARM we can ensure that a kernel is trustworthy by validating a PE signature, but this isn't possible on other architectures. On those platforms we can use IMA digital signatures instead. Add a function to determine whether IMA has or will verify signatures for a given event type, and if so permit kexec_file() even if the kernel is otherwise locked down. This is restricted to cases where CONFIG_INTEGRITY_TRUSTED_KEYRING is set in order to prevent an attacker from loading additional keys at runtime. Signed-off-by: Matthew Garrett <mjg59@google.com> Acked-by: Mimi Zohar <zohar@linux.ibm.com> Cc: Dmitry Kasatkin <dmitry.kasatkin@gmail.com> Cc: linux-integrity@vger.kernel.org Signed-off-by: James Morris <jmorris@namei.org>
author: Matthew Garrett <matthewgarrett@google.com> 2019-08-19 17:18:01 -0700
committer: James Morris <jmorris@namei.org> 2019-08-19 21:54:16 -0700
commit: 29d3c1c8dfe752c01b7115ecd5a3142b232a38e1 (patch)
tree: 9a42db9e64c08db645dcf9689344d4f718b4d518 /security/integrity/ima/ima.h
parent: b0c8fdc7fdb77586c3d1937050925b960743306e (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h
index ca10917b5f89..874bd77d3b91 100644
--- a/security/integrity/ima/ima.h
+++ b/security/integrity/ima/ima.h
@@ -111,6 +111,8 @@ struct ima_kexec_hdr {
 	u64 count;
 };
 
+extern const int read_idmap[];
+
 #ifdef CONFIG_HAVE_IMA_KEXEC
 void ima_load_kexec_buffer(void);
 #else
author	Matthew Garrett <matthewgarrett@google.com>	2019-08-19 17:18:01 -0700
committer	James Morris <jmorris@namei.org>	2019-08-19 21:54:16 -0700
commit	29d3c1c8dfe752c01b7115ecd5a3142b232a38e1 (patch)
tree	9a42db9e64c08db645dcf9689344d4f718b4d518 /security/integrity/ima/ima.h
parent	b0c8fdc7fdb77586c3d1937050925b960743306e (diff)