kexec_load(2) bypasses signature verification

Dave Young dyoung at
Fri Jun 19 01:18:16 PDT 2015

> > If we want to disable unsigned kernel loading at compile time, then we
> > really need to work on decoupling CONFIG_KEXEC and CONFIG_FILE_KEXEC.
> > Introducing another config option is not the way forward, IMHO.
> Yes, let's do it in this way since everyone is fine with it.

I will work on a patch if nobody else have interest or no time on it.


More information about the kexec mailing list