29 Aug
2019
29 Aug
'19
12:01 a.m.
On Wed, 2019-08-28 at 20:38 -0300, Thiago Jung Bauermann wrote:
Hello Mimi,
Mimi Zohar zohar@linux.ibm.com writes:
In addition to the PE/COFF and IMA xattr signatures, the kexec kernel image can be signed with an appended signature, using the same scripts/sign-file tool that is used to sign kernel modules.
This patch adds support for detecting a kernel image signed with an appended signature and updates the existing test messages appropriately.
Reviewed-by: Petr Vorel pvorel@suse.cz Signed-off-by: Mimi Zohar zohar@linux.ibm.com
Thanks for doing this!
You're welcome. This isn't in lieu of a proper regression test that verifies the IMA measurement list template modsig and d-modsig data fields. That still needs to be written.
thanks,
Mimi