On Thu, 2018-03-08 at 12:42 -0600, Jiandi An wrote: [...] > I'm no expert on IMA and its driver. James, will you be kind enough > to look into overhauling the IMA driver to not measure until after > initrd phase if that's the consensus on resolving this? I'll add it to my todo list. Since my TPM 2.0 test environment is a VM with a tpm that has a network connection to an emulator on my host, it's impossible to set it up so that it's built in (because you need the network config before you init the TPM) so I might accelerate if I suddenly need to debug IMA issues in this configuration. James
