Hi Mimi, > When the IMA measurement list contains file signatures, the file > signatures are verified either by calculating the local file data hash > or based on the file hash contained in the measurement list. In either > case a list of trusted public keys needs to be provided. > In addition to the list of known/unknown public keys needed to verify > the measurement list being output, the specific files signed by an > unknown public key are output as well. > Output the individual "unknown keyid" file messages based on log level. > Example 1: "ima_measurement" list of known/unknown public keys Reviewed-by: Petr Vorel <pvorel@xxxxxxx> Kind regards, Petr
