s390/kexec_file: Disable kexec_load when IPLed secure

A kernel loaded via kexec_load cannot be verified. Thus disable kexec_load systemcall in kernels which where IPLed securely. Use the IMA mechanism to do so. Signed-off-by: Philipp Rudo <prudo@linux.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
author: Philipp Rudo <prudo@linux.ibm.com> 2019-03-26 15:45:53 +0100
committer: Martin Schwidefsky <schwidefsky@de.ibm.com> 2019-04-29 10:44:03 +0200
commit: 268a78404973594d1a7ec3a2b6a2474e0543a435 (patch)
tree: a8eefe8904c63e1b342e226a263d749f60aa3da0 /include/linux/ima.h
parent: s390/kexec_file: Create ipl report and pass to next kernel (diff)
download: linux-dev-268a78404973594d1a7ec3a2b6a2474e0543a435.tar.xz
linux-dev-268a78404973594d1a7ec3a2b6a2474e0543a435.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/include/linux/ima.h b/include/linux/ima.h
index dc12fbcf484c..fd9f7cf4cdf5 100644
--- a/include/linux/ima.h
+++ b/include/linux/ima.h
@@ -31,7 +31,7 @@ extern void ima_post_path_mknod(struct dentry *dentry);
 extern void ima_add_kexec_buffer(struct kimage *image);
 #endif
 
-#if defined(CONFIG_X86) && defined(CONFIG_EFI)
+#if (defined(CONFIG_X86) && defined(CONFIG_EFI)) || defined(CONFIG_S390)
 extern bool arch_ima_get_secureboot(void);
 extern const char * const *arch_get_ima_policy(void);
 #else
author	Philipp Rudo <prudo@linux.ibm.com>	2019-03-26 15:45:53 +0100
committer	Martin Schwidefsky <schwidefsky@de.ibm.com>	2019-04-29 10:44:03 +0200
commit	268a78404973594d1a7ec3a2b6a2474e0543a435 (patch)
tree	a8eefe8904c63e1b342e226a263d749f60aa3da0 /include/linux/ima.h
parent	s390/kexec_file: Create ipl report and pass to next kernel (diff)
download	linux-dev-268a78404973594d1a7ec3a2b6a2474e0543a435.tar.xz linux-dev-268a78404973594d1a7ec3a2b6a2474e0543a435.zip