I am looking at Linux IMA to try and understand how it might be useful for my application. I am playing around with it a bit now and as I do so, I am finding myself with questions about the usage model and user configuration. With that opening, my first question is: Is this an acceptable forum for asking user and usage questions? If yes, then let me describe my environment; I am running an older kernel, 4.14.238, on a fsl device in a system that does not have a TPM although I am running an implementation of OP-TEE. In my case, I want to do the best I can to prevent file modification, without considering off-line attacks. My deployment mechanism is os-tree. When I look at the measurement capability, I cannot see how that can help since I do not have a TPM in which to anchor the measurements so it looks like I need to implement appraisal. I did find this link, https://sourceforge.net/p/linux-ima/mailman/linux-ima-user/?viewmonth=201409&viewday=10, where Mimi says "Enabling IMA-appraisal is anything but simple". and I actually found that kind of re-assuring as it confirmed that my learning curve in this area may not be out of line. My plan is to pre-sign the files prior to installation and I see that effort as being outside of the scope of my inquiries here. So now, does it look like I am starting in the right direction? Thanks for reading through this and I welcome any comments. Ken
