Control: tag -1 moreinfo On Thu, 5 Jan 2017 21:16:58 -0500 Stefan Berger <stefanb@linux.vnet.ibm.com> wrote: > Package: initramfs-tools > Version: 0.103ubuntu4.3 > Severity: wishlist > > Linux implements the Integrity Measurement Architecture (IMA) and the Extended > Verfication Module (EVM). > > IMA measures application and libraries as they are started and, using a policy, > it can also verify the signatures associated with the applications and > libraries. For this to work the operating system has load a policy and keys > into the kernel. This should be done when the system is booted. > > EVM protects file metadata against offline tampering. It does this by signing > (HMAC, public key signature) file attributes. For this to work the operating > system has to load the key used for verfication and signing into the kernel. > This should be done when the system is booted. As your implementation only adds new hook and boot scripts, why not put them in a separate package? Ben. -- Ben Hutchings Hoare's Law of Large Problems: Inside every large problem is a small problem struggling to get out.
Attachment:
signature.asc
Description: This is a digitally signed message part