Mimi Zohar <[email protected]> wrote: > From an IMA perspective, either a file hash or signature are valid, > but for this usage it must be a signature.
Not necessarily. If IMA can guarantee that a module is the same based on its hash rather than on a key, I would've thought that should be fine. David
