nixos-images
nixos-images copied to clipboard
kexec fails due to IMA being enforced on Azure VMs
kexec
fails due to IMA (Integrity Measurement Architecture) being enforced on Azure, I'm using nixos-anywhere and just saw that the image comes from here for unattended install.
See here : https://github.com/numtide/nixos-anywhere/issues/189
I want to know, do I need to build a new image in order to use kexec -s
instead of kexec
?
It is due to IMA
appraisal being enabled on Azure VMs :
[ 3099.239362] ima: impossible to appraise a kernel image without a file descriptor; try using kexec_file_load syscall.
More details here : https://kernsec.org/pipermail/linux-security-module-archive/2018-October/008951.html
To build, a compatible image, I should try and modify the build-images.sh
script to my needs ?