Hi Tushar, Lakshmi, On Thu, 2020-11-19 at 15:26 -0800, Tushar Sugandhi wrote: > From: Lakshmi Ramasubramanian <nramas@xxxxxxxxxxxxxxxxxxx> > > IMA measures files and buffer data such as keys, command line arguments > passed to the kernel on kexec system call, etc. While these measurements > enable monitoring and validating the integrity of the system, it is not > sufficient. The above paragraph would make a good cover letter introduction. > In-memory data structures maintained by various kernel > components store the current state and policies configured for > the components. Various data structures, policies and state stored in kernel memory also impact the integrity of the system. The 2nd paragraph could provide examples of such integrity critical data. This patch set introduces a new IMA hook named ima_measure_critical_data() to measure kernel integrity critical data. thanks, Mimi