[Linux-ima-devel] [PATCH v2 4/7] ima: measure and appraise kexec image and initramfs
Mimi Zohar
zohar at linux.vnet.ibm.com
Tue Dec 29 04:22:27 PST 2015
On Tue, 2015-12-29 at 07:06 -0500, Mimi Zohar wrote:
> On Tue, 2015-12-29 at 16:21 +0800, Dave Young wrote:
> This policy flexibility is needed at least until all files come from
> software providers with file signatures. (RPM has been modified to
> include file signatures.) Even then, in terms of kexec, some distros
> generate the initramfs on the target host and, therefore, can not sign
> the initramfs. The local user could, however, sign the initramfs on
> their own system.
Sorry, instead of "local user" the "local system/host owner" would be
more appropriate.
Mimi