mirror of
https://github.com/AuxXxilium/linux_dsm_epyc7002.git
synced 2024-12-22 19:03:28 +07:00
268a784049
A kernel loaded via kexec_load cannot be verified. Thus disable kexec_load systemcall in kernels which where IPLed securely. Use the IMA mechanism to do so. Signed-off-by: Philipp Rudo <prudo@linux.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
15 lines
217 B
C
15 lines
217 B
C
// SPDX-License-Identifier: GPL-2.0
|
|
|
|
#include <linux/ima.h>
|
|
#include <asm/boot_data.h>
|
|
|
|
bool arch_ima_get_secureboot(void)
|
|
{
|
|
return ipl_secure_flag;
|
|
}
|
|
|
|
const char * const *arch_get_ima_policy(void)
|
|
{
|
|
return NULL;
|
|
}
|