On Thu, May 22, 2025 at 11:24:13AM +0800, Baoquan He wrote:
On 05/21/25 at 08:54am, Mimi Zohar wrote:
On Fri, 2025-05-16 at 08:22 +0800, Baoquan He wrote:
> CC kexec list.
>
> On 05/16/25 at 07:39am, Baoquan He wrote:
> > Kdump kernel doesn't need IMA functionality, and enabling IMA will cost
> > extra memory. It would be very helpful to allow IMA to be disabled for
> > kdump kernel.
Thanks a lot for careufl reviewing and great suggestions.
The real question is not whether kdump needs "IMA", but whether not enabling
IMA in the kdump kernel could be abused. The comments below don't address
that question but limit/emphasize, as much as possible, turning IMA off is
limited to the kdump kernel.
Are you suggesting removing below paragraph from patch log because they
are redundant? I can remove it in v2 if yes.
I understand Mimi's suggestion as the commit message should answer the
question why disabling IMA should be limited to kdump.
--
Best regards,
Coiby
