On Tue, Jan 15, 2013 at 11:55:59PM -0500, Mimi Zohar wrote: [..] > Please remind me why you can't use IMA-appraisal, which was upstreamed > in Linux 3.7? Why another method is needed?
So is this IMA-appraisal also supports digital signatures? The IMA white paper seems to put digital signatures in separate category (IMA-Appraisal-Signature-Extension). > > With IMA-appraisal, there are a couple of issues that would still need > to be addressed: > - missing the ability to specify the validation method required. > - modify the ima_appraise_tcb policy policy to require elf executables > to be digitally signed. For my use case, all executable don't have to be digitally signed. If something is digitally signed then do the signature verification. Thanks Vivek -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
