Hi Eric, On Mon, 2021-11-29 at 18:35 -0800, Eric Biggers wrote: > > diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c > > index 42c6ff7056e6..179c7f0364c2 100644 > > --- a/security/integrity/ima/ima_api.c > > +++ b/security/integrity/ima/ima_api.c > > @@ -217,7 +217,8 @@ int ima_get_action(struct user_namespace *mnt_userns, struct inode *inode, > > */ > > int ima_collect_measurement(struct integrity_iint_cache *iint, > > struct file *file, void *buf, loff_t size, > > - enum hash_algo algo, struct modsig *modsig) > > + enum hash_algo algo, struct modsig *modsig, > > + bool veritysig) > > 'veritysig' is being added here but it doesn't actually do anything. It seems > this patchset is not split up correctly. True, this patch just adds the plumbing. Reversing 3 & 4 could result in including the fs-verity digest, without the signature in the measurement list. The alternative is to squash patches 3 & 4. thanks, Mimi
