Mimi Zohar <[email protected]> writes: > On Fri, 2026-02-13 at 09:28 +0800, Coiby Xu wrote: >> Commit b5ca117365d9 ("ima: prevent kexec_load syscall based on runtime >> secureboot flag") and commit 268a78404973 ("s390/kexec_file: Disable >> kexec_load when IPLed secure") disabled the kexec_load syscall based >> on the secureboot mode. Commit 9e2b4be377f0 ("ima: add a new CONFIG >> for loading arch-specific policies") needed to detect the secure boot >> mode, not to load an IMA architecture specific policy. Since there is >> the new CONFIG_INTEGRITY_SECURE_BOOT, drop >> CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT for s390. >> >> Signed-off-by: Coiby Xu <[email protected]> > > Alexander, you added your Tested-by for the original version of this patch > set. > Can I apply it for v3? > > thanks, > > Mimi
I have verified v3 on one of our secure boot machines, it looks good too. Tested-by: Alexander Egorenkov <[email protected]>
