Matthew Garrett <mjg59@xxxxxxxxxx> wrote: > (a) seems unnecessary, and (b) isn't possible in most distributions > (there's ongoing work in Debian, but it's not merged yet). I can see cases > where you'd want to enforce this via IMA, but I don't think it's > appropriate for all cases. Should the use of the IMA secure_boot policy be > gated behind a config option? Quite probably. Mimi? David
