diff options
| author | Thiago Jung Bauermann <bauerman@linux.ibm.com> | 2019-07-04 20:57:34 +0200 |
|---|---|---|
| committer | Mimi Zohar <zohar@linux.ibm.com> | 2019-08-06 00:39:56 +0200 |
| commit | c8424e776b093280d3fdd104d850706b3b229ac8 (patch) | |
| tree | 3f14381fe576439fa1fa94736b67d1015c40752d /arch/s390/Kconfig | |
| parent | ima: initialize the "template" field with the default template (diff) | |
| download | linux-c8424e776b093280d3fdd104d850706b3b229ac8.tar.xz linux-c8424e776b093280d3fdd104d850706b3b229ac8.zip | |
MODSIGN: Export module signature definitions
IMA will use the module_signature format for append signatures, so export
the relevant definitions and factor out the code which verifies that the
appended signature trailer is valid.
Also, create a CONFIG_MODULE_SIG_FORMAT option so that IMA can select it
and be able to use mod_check_sig() without having to depend on either
CONFIG_MODULE_SIG or CONFIG_MODULES.
s390 duplicated the definition of struct module_signature so now they can
use the new <linux/module_signature.h> header instead.
Signed-off-by: Thiago Jung Bauermann <bauerman@linux.ibm.com>
Acked-by: Jessica Yu <jeyu@kernel.org>
Reviewed-by: Philipp Rudo <prudo@linux.ibm.com>
Cc: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Diffstat (limited to 'arch/s390/Kconfig')
| -rw-r--r-- | arch/s390/Kconfig | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/arch/s390/Kconfig b/arch/s390/Kconfig index a4ad2733eedf..e0ae0d51f985 100644 --- a/arch/s390/Kconfig +++ b/arch/s390/Kconfig @@ -538,7 +538,7 @@ config ARCH_HAS_KEXEC_PURGATORY config KEXEC_VERIFY_SIG bool "Verify kernel signature during kexec_file_load() syscall" - depends on KEXEC_FILE && SYSTEM_DATA_VERIFICATION + depends on KEXEC_FILE && MODULE_SIG_FORMAT help This option makes kernel signature verification mandatory for the kexec_file_load() syscall. |