On Fri, Jul 13, 2018 at 11:06 AM, Mimi Zohar <[email protected]> wrote: > IMA by default does not measure, appraise or audit files, but can be > enabled at runtime by specifying a builtin policy on the boot command line > or by loading a custom policy. > > This patch defines a build time policy, which verifies kernel modules, > firmware, kexec image, and/or the IMA policy signatures. This build time > policy is automatically enabled at runtime and persists after loading a > custom policy. > > Signed-off-by: Mimi Zohar <[email protected]>
Reviewed-by: Kees Cook <[email protected]> -Kees -- Kees Cook Pixel Security _______________________________________________ kexec mailing list [email protected] http://lists.infradead.org/mailman/listinfo/kexec
