Verify kernel signature during kexec_file_load() syscall
configname: CONFIG_KEXEC_SIG
Linux Kernel Configuration
└─>Processor type and features
└─>Verify kernel signature during kexec_file_load() syscall
In linux kernel since version 5.1 (release Date: 2019-05-05)
This option makes the kexec_file_load() syscall check for a valid
signature of the kernel image. The image can still be loaded without
a valid signature unless you also enable KEXEC_SIG_FORCE, though if
there's a signature that we can check, then it must be valid.
In addition to this option, you need to enable signature
verification for the corresponding kernel image type being
loaded in order for this to work.
signature of the kernel image. The image can still be loaded without
a valid signature unless you also enable KEXEC_SIG_FORCE, though if
there's a signature that we can check, then it must be valid.
In addition to this option, you need to enable signature
verification for the corresponding kernel image type being
loaded in order for this to work.