| Server IP : 15.235.198.142 / Your IP : 216.73.216.14 Web Server : Apache/2.4.58 (Ubuntu) System : Linux ballsack 6.8.0-45-generic #45-Ubuntu SMP PREEMPT_DYNAMIC Fri Aug 30 12:02:04 UTC 2024 x86_64 User : www-data ( 33) PHP Version : 8.3.6 Disable Function : NONE MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : OFF | Sudo : ON | Pkexec : OFF Directory : /usr/lib/modules/6.8.0-45-generic/build/tools/testing/selftests/kexec/ |
Upload File : |
#!/bin/sh # SPDX-License-Identifier: GPL-2.0 # # Prevent loading a kernel image via the kexec_load syscall when # signatures are required. (Dependent on CONFIG_IMA_ARCH_POLICY.) TEST="$0" . ./kexec_common_lib.sh # kexec requires root privileges require_root_privileges # get the kernel config get_kconfig kconfig_enabled "CONFIG_KEXEC=y" "kexec_load is enabled" if [ $? -eq 0 ]; then log_skip "kexec_load is not enabled" fi kconfig_enabled "CONFIG_IMA_APPRAISE=y" "IMA enabled" ima_appraise=$? kconfig_enabled "CONFIG_IMA_ARCH_POLICY=y" \ "IMA architecture specific policy enabled" arch_policy=$? get_secureboot_mode secureboot=$? # kexec_load should fail in secure boot mode and CONFIG_IMA_ARCH_POLICY enabled kexec --load $KERNEL_IMAGE > /dev/null 2>&1 if [ $? -eq 0 ]; then kexec --unload if [ $secureboot -eq 1 ] && [ $arch_policy -eq 1 ]; then log_fail "kexec_load succeeded" elif [ $ima_appraise -eq 0 -o $arch_policy -eq 0 ]; then log_info "Either IMA or the IMA arch policy is not enabled" fi log_pass "kexec_load succeeded" else if [ $secureboot -eq 1 ] && [ $arch_policy -eq 1 ] ; then log_pass "kexec_load failed" else log_fail "kexec_load failed" fi fi