Re: [Linux-ima-user] Invalid-HMAC Issue with IMA in Enforce Mode

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

On Wed, 2015-09-16 at 16:02 +0000, Calligan, Keith (US) wrote:
> Hi Mimi,
> 
> Sorry for not understanding this completely.

Sorry, I should have been clearer.  This change is being upstreamed now.

Mimi

> I don’t see CONFIG_SYSTEM_TRUSTED_KEYS as an option in the Kernel.  I
> searched for it when I ran “make menuconfig”.  Is there a patch I need for
> this? Are you referring to the “IMA_X509_PATH” setting instead? This was
> previously set to “/etc/keys/x509_ima.der"

> Also, if I understand correctly, I am going to remove ima-local-ca.x509
> from the Kernel source directory? I know when I had this defined, I could
> see the IVM CA when running “cat /proc/keys”.  I no longer see this after
> recompiling.   
> 
> Thanks,
> 
> Keith