Spec needed for ima-buf template

In the ima-buf template, I sense that the n-ng file names are not actually file names, but (sort of) ASCII enums. Is that right?

1 - I've identified a few that mean the 'buf' contents are DER encoded X509 certificates. Are there others in this group?

.builtin_trusted_keys
.ima

2 - There is evidently a 'file name' that indicates that the contents are the boot command line. Would it be '/proc/cmdline' or something else?

Could the name vary with the kernel version or distro?

What would be a maximum length for this buf beyond which the verifier should report an error?

3 - What other file names could a verifier expect?

4 - What happens if there is a 'buf' but not an 'n-ng'? For example, the custom template "d-ng | buf". Or if there is an n-ng but the file name length is zero?

Is this an error? If not, how would the contents of buf be interpreted without a file name?

5 - Are the file names for this template fixed today, or could there be more added in the future? If more could be added, is there the concept of 'critical' names that a verifier must understand or reject and non-critical that the verifier could safely ignore?




