kexec_load(2) bypasses signature verification
dyoung at redhat.com
Fri Jun 19 01:18:16 PDT 2015
> > If we want to disable unsigned kernel loading at compile time, then we
> > really need to work on decoupling CONFIG_KEXEC and CONFIG_FILE_KEXEC.
> > Introducing another config option is not the way forward, IMHO.
> Yes, let's do it in this way since everyone is fine with it.
I will work on a patch if nobody else have interest or no time on it.
More information about the kexec