> > @@ -176,6 +195,19 @@ int ima_add_template_entry(struct ima_template_entry > > *entry, int violation, > > } > > } > > > > + /* > > + * suspend_ima_measurements will be set if the system is > > + * undergoing kexec soft boot to a new kernel. > > + * suspending measurements in this short window ensures the > > + * consistency of the IMA measurement list during copying > > + * of the kexec buffer. > > + */ > > Either remove the 2nd sentence "suspending measurements in this short window > ..." or explain what is meant by "short window". > > > > + if (atomic_read(&suspend_ima_measurements)) { > > + audit_cause = "measurements_suspended"; > > + audit_info = 0; > > + goto out; After the suggested changes, understanding how many measurements are not being added to the measurement list and not being extended into the TPM would be really interesting. Mimi > > + } > > + > > result = ima_add_digest_entry(entry, > > !IS_ENABLED(CONFIG_IMA_DISABLE_HTABLE)); > > if (result < 0) { > > _______________________________________________ kexec mailing list kexec@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/kexec