On Thu, Mar 7, 2019 at 2:34 PM Mimi Zohar <[email protected]> wrote: > > On Thu, 2019-03-07 at 14:27 -0800, Matthew Garrett wrote: > > On Wed, Feb 13, 2019 at 4:18 AM Mimi Zohar <[email protected]> wrote: > > > - if (IS_ENABLED(CONFIG_IMA_ARCH_POLICY) && > > > arch_ima_get_secureboot()) > > > + if (IS_ENABLED(CONFIG_IMA_ARCH_POLICY) && > > > arch_ima_get_secureboot()) { > > > + if (IS_ENABLED(CONFIG_MODULE_SIG)) > > > + set_module_sig_enforced(); > > > return sb_arch_rules; > > > > Linus previously pushed back on having the lockdown features > > automatically enabled on secure boot systems. Why are we doing the > > same in IMA? > > IMA-appraisal is extending the "secure boot" concept to the running > system.
Right, but how is this different to what Linus was objecting to?
