On Thu, Dec 02, 2021 at 04:55:05PM -0500, Mimi Zohar wrote: > Without the file signature included in the IMA measurement list, the type > of file digest is unclear. Set up the plumbing to limit including > fs-verity's file digest in the IMA measurement list based on whether the > template name is ima-sig. In the future, this could be relaxed to include > any template format that includes the file signature. > Does it make sense to tie IMA's fs-verity support to files having signatures? What about IMA audit mode? I thought that is just about collecting hashes, and has nothing to do with signatures. - Eric
