From: Petko M. <pe...@mi...> - 2015-03-20 11:00:17
Hello guys,
I am playing with a locally generated CA that signs public IMA keys. This CA is in the trusted (.ima) keyring, and stuff signed by public keys (that are themselves properly signed) seems to work fine.
However, I would need to have a CA hierarchy, and I wonder whether the current Linux kernel supports it. IOW, I need a root certificate to sign other certificate(s) that in turn will sign IMA keys.
Is it possible to build something like:
   root CA ------> local CA 1 ------> IMA_key_1
      |
      +---> local CA 2 ------> IMA_key_2
So stuff signed by IMA_key_1 and 2 would properly pass the appraisal tests?
thanks a bunch,
Petko