On Thu, Jul 13, 2023 at 05:59:38PM +, Eric Snowberg wrote:
On Jul 12, 2023, at 12:31 PM, Mimi Zohar wrote:
[Cc'ing the LSM mailing list.]
On Tue, 2023-07-11 at 11:16 +0800, Coiby Xu wrote:
When IMA has verified the signature of the kernel image, kexec'ing this
kernel should be allowed.
On Wed, Jul 12, 2023 at 02:31:43PM -0400, Mimi Zohar wrote:
[Cc'ing the LSM mailing list.]
On Tue, 2023-07-11 at 11:16 +0800, Coiby Xu wrote:
When IMA has verified the signature of the kernel image, kexec'ing this
kernel should be allowed.
Fixes: af16df54b89d ("ima: force signature verificatio
> On Jul 12, 2023, at 12:31 PM, Mimi Zohar wrote:
>
> [Cc'ing the LSM mailing list.]
>
> On Tue, 2023-07-11 at 11:16 +0800, Coiby Xu wrote:
>> When IMA has verified the signature of the kernel image, kexec'ing this
>> kernel should be allowed.
>>
>> Fixes: af16df54b89d ("ima: force signature
On Fri, 7 Jul 2023 at 19:12, Borislav Petkov wrote:
>
> On Fri, Jul 07, 2023 at 10:25:15AM -0500, Michael Roth wrote:
> > ...
> > It would be unfortunate if we finally abandoned this path because of the
> > issue being hit here though. I think the patch posted here is the proper
> > resolution to
On Thu, Jun 01, 2023 at 03:20:44PM +0800, Tao Liu wrote:
> arch/x86/kernel/machine_kexec_64.c | 35 ++
> 1 file changed, 31 insertions(+), 4 deletions(-)
Ok, pls try this totally untested thing.
Thx.
---
diff --git a/arch/x86/boot/compressed/sev.c b/arch/x86/boot/com
