Re: [PULL REQUEST] Kernel lockdown patches for 5.2

From: Matthew Garrett
Date: Wed Mar 06 2019 - 23:25:24 EST


On Wed, Mar 6, 2019 at 7:56 PM Mimi Zohar <zohar@xxxxxxxxxxxxx> wrote:
> The kexec and kernel modules patches in this patch set continues to
> ignore IMA. This patch set should up front either provide an
> alternative solution to coordinate the different signature
> verification methods or rely on the architecture specific policy for
> that coordination.

Hi Mimi,

I'm working on a patch for this at the moment which can then be added
to either patchset. Is there a tree that contains the proposed Power
architecture policy? I want to make sure I don't accidentally end up
depending on anything x86.