On Fri, 2026-04-24 at 18:10 -0400, Paul Moore wrote:
> (I'm assuming you meant initcall and not syscall above, but if you're
> talking about something else, please let me know.)
>
> Saying that you aren't comfortable moving IMA initialization to
> late-sync is inconsistent with allowing IMA initialization to be
> deferred to late-sync. Either it is okay to initialize IMA in
> late-sync or it isn't. You must pick one.

Yes, we're discussing late_initcall and late_initcall_sync.

I prefer to look at it as being pragmatic. I'd rather err on the side of caution and not move the syscall to late_initcall_sync, than move it. However, others have moved the syscall to address the TPM-bypass issue for their environment.

Mimi

