On Tue, Jan 30, 2024 at 11:46 PM Stefan Berger <stefanb@xxxxxxxxxxxxx> wrote: > > EVM has recently been completely disabled on unsupported (e.g., > overlayfs). This series now enables copy-up of "portable and immutable" > signatures on those filesystems and enables the enforcement of > "portable and immutable" as well as the "original" signatures on > previously unsupported filesystem when EVM is enabled with EVM_INIT_X509. > HMAC verification and generation remains disabled on those filesystems. > I am missing a high level description of what is in those "portable and immutable" signatures and how those signatures remain valid across copy up. Thanks, Amir.
