Mimi Zohar <zo...@linux.vnet.ibm.com> wrote: > Huh?! With the "secure_boot" policy enabled on the boot command line, > IMA-appraisal would verify the kexec kernel image, firmware, kernel > modules, and custom IMA policy signatures.
What happens if the "secure_boot" policy isn't enabled on the boot command line? Can you sum up both cases in a paragraph I can add to the patch description? > Other patches in this patch series need to be updated as well to check > if IMA-appraisal is enabled. Which exactly? I've added your "!is_ima_appraise_enabled() &&" line to kexec_file() and module_sig_check(). Anything else? David -- To unsubscribe from this list: send the line "unsubscribe linux-efi" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
