[Linux-ima-devel] [PATCH v2 4/7] ima: measure and appraise kexec image and initramfs

Mimi Zohar zohar at linux.vnet.ibm.com
Tue Dec 29 04:22:27 PST 2015

On Tue, 2015-12-29 at 07:06 -0500, Mimi Zohar wrote:
> On Tue, 2015-12-29 at 16:21 +0800, Dave Young wrote:

> This policy flexibility is needed at least until all files come from
> software providers with file signatures.  (RPM has been modified to
> include file signatures.)  Even then, in terms of kexec, some distros
> generate the initramfs on the target host and,  therefore, can not sign
> the initramfs.  The local user could, however, sign the initramfs on
> their own system.

Sorry, instead of "local user" the "local system/host owner" would be
more appropriate.


More information about the kexec mailing list