[LTP] [PATCH 2/2] ima_kexec.sh: Document kernel config dependencies
Mimi Zohar
zohar@linux.ibm.com
Wed Jan 14 16:11:58 CET 2026
On Wed, 2026-01-07 at 16:57 +0100, Petr Vorel wrote:
> CONFIG_HAVE_IMA_KEXEC=y is enough for test, ie. test is working with:
>
> # CONFIG_IMA_KEXEC is not set
> CONFIG_HAVE_IMA_KEXEC=y
>
> Probably obvious as CONFIG_HAVE_IMA_KEXEC is arch specific and
> CONFIG_IMA_KEXEC is "TPM PCRs are only reset on a hard reboot."
> and ima_kexec.c requires CONFIG_HAVE_IMA_KEXEC (only parts are skipped
> when CONFIG_IMA_KEXEC not set) but better to clarify for users.
>
> Signed-off-by: Petr Vorel <pvorel@suse.cz>
> ---
> testcases/kernel/security/integrity/ima/tests/ima_kexec.sh | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/testcases/kernel/security/integrity/ima/tests/ima_kexec.sh b/testcases/kernel/security/integrity/ima/tests/ima_kexec.sh
> index 7688690af2..de595fcdd7 100755
> --- a/testcases/kernel/security/integrity/ima/tests/ima_kexec.sh
> +++ b/testcases/kernel/security/integrity/ima/tests/ima_kexec.sh
> @@ -6,8 +6,11 @@
> #
> # Verify that kexec cmdline is measured correctly.
> # Test attempts to kexec the existing running kernel image.
> +#
> # To kexec a different kernel image export IMA_KEXEC_IMAGE=<pathname>.
> # Test requires example IMA policy loadable with LTP_IMA_LOAD_POLICY=1.
> +#
> +# Test requires CONFIG_HAVE_IMA_KEXEC=y (CONFIG_IMA_KEXEC is not mandatory).
Correct. The test verifies that the kernel image is measured. It does not
execute the kexec, so there is no need for carrying the IMA measurement list
across kexec (CONFIG_IMA_KEXEC).
>
> TST_NEEDS_CMDS="grep kexec sed"
> TST_CNT=3
More information about the ltp
mailing list