review.tizen.org Git - platform/kernel/linux-starfive.git/commit

author	Mimi Zohar <zohar@linux.ibm.com>
	Wed, 14 Nov 2018 17:30:19 +0000 (12:30 -0500)
committer	Mimi Zohar <zohar@linux.ibm.com>
	Tue, 11 Dec 2018 12:19:47 +0000 (07:19 -0500)
commit	a802ed0dd9c2607cc219574e881062d43ea3b7e0
tree	bae0e40409b10571fb51eeb623799db68de0b419	tree \| snapshot
parent	060190fbe676268a04a80d5f4b426fc3db9c2401	commit \| diff

selftests/ima: kexec_load syscall test

The kernel CONFIG_KEXEC_VERIFY_SIG option is limited to verifying a
kernel image's signature, when loaded via the kexec_file_load syscall.
There is no method for verifying a kernel image's signature loaded
via the kexec_load syscall.

This test verifies loading the kernel image via the kexec_load syscall
fails when the kernel CONFIG_KEXEC_VERIFY_SIG option is enabled on
systems with secureboot enabled[1].

[1] Detecting secureboot enabled is architecture specific.

Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>

tools/testing/selftests/Makefile		diff \| blob \| history
tools/testing/selftests/ima/Makefile	[new file with mode: 0644]	blob
tools/testing/selftests/ima/config	[new file with mode: 0644]	blob
tools/testing/selftests/ima/test_kexec_load.sh	[new file with mode: 0755]	blob