Mimi Zohar <zohar at linux.vnet.ibm.com> wrote: > From an IMA perspective, either a file hash or signature are valid, > but for this usage it must be a signature. Not necessarily. If IMA can guarantee that a module is the same based on its hash rather than on a key, I would've thought that should be fine. David