On 15-05-21 09:39:50, Andy Lutomirski wrote: > > It's also a performance cost because the average user of this signature stuff > doesn't actually want IMA, and IMA is checking the wrong think anyway. > IMA/EVM tells us "this file validly belongs in /lib/modules/whatever according > to whomever we trust for the filesystem". We want to check "is this data, > regardless of where it was read from, a trusted module". IMA-appraise does not care where the file comes from (although it may be persuaded to) and verifies file's data and meta-data against a signature. I guess you should actually read the code. :) Petko -- To unsubscribe from this list: send the line "unsubscribe linux-wireless" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
