Mimi Zohar <[email protected]> wrote: > Huh?! With the "secure_boot" policy enabled on the boot command line, > IMA-appraisal would verify the kexec kernel image, firmware, kernel > modules, and custom IMA policy signatures.
What happens if the "secure_boot" policy isn't enabled on the boot command line? Can you sum up both cases in a paragraph I can add to the patch description? > Other patches in this patch series need to be updated as well to check > if IMA-appraisal is enabled. Which exactly? I've added your "!is_ima_appraise_enabled() &&" line to kexec_file() and module_sig_check(). Anything else? David
