On Fri, Jul 13, 2018 at 11:06 AM, Mimi Zohar <zohar@xxxxxxxxxxxxxxxxxx> wrote: > IMA by default does not measure, appraise or audit files, but can be > enabled at runtime by specifying a builtin policy on the boot command line > or by loading a custom policy. > > This patch defines a build time policy, which verifies kernel modules, > firmware, kexec image, and/or the IMA policy signatures. This build time > policy is automatically enabled at runtime and persists after loading a > custom policy. > > Signed-off-by: Mimi Zohar <zohar@xxxxxxxxxxxxxxxxxx> Reviewed-by: Kees Cook <keescook@xxxxxxxxxxxx> -Kees -- Kees Cook Pixel Security
