> On Nov 19, 2024, at 3:49 AM, Roberto Sassu
> wrote:
>
> From: Roberto Sassu
>
> The Integrity Digest Cache can also help IMA for appraisal. IMA can simply
> lookup the calculated digest of an accessed file in the list of digests
> extracted from package headers, after verifying the header
> On Dec 4, 2024, at 3:44 AM, Roberto Sassu
> wrote:
>
> On Tue, 2024-12-03 at 20:06 +, Eric Snowberg wrote:
>>
>>> On Nov 26, 2024, at 3:41 AM, Roberto Sassu
>>> wrote:
>>>
>>> On Tue, 2024-11-26 at 00:13 +, Eric Snowberg w
> On Nov 26, 2024, at 3:41 AM, Roberto Sassu
> wrote:
>
> On Tue, 2024-11-26 at 00:13 +, Eric Snowberg wrote:
>>
>>> On Nov 19, 2024, at 3:49 AM, Roberto Sassu
>>> wrote:
>>>
>>> From: Roberto Sassu
>>>
>>> Th
> On Dec 5, 2024, at 9:16 AM, Roberto Sassu
> wrote:
>
> On Thu, 2024-12-05 at 09:53 +0100, Roberto Sassu wrote:
>> On Thu, 2024-12-05 at 00:57 +0000, Eric Snowberg wrote:
>>>
>>>> On Dec 4, 2024, at 3:44 AM, Roberto Sassu
>>>> wrote:
> On Dec 6, 2024, at 3:06 AM, Roberto Sassu
> wrote:
>
> On Thu, 2024-12-05 at 19:41 +, Eric Snowberg wrote:
>>
>>> On Dec 5, 2024, at 9:16 AM, Roberto Sassu
>>> wrote:
>>>
>>> On Thu, 2024-12-05 at 09:53 +0100, Roberto Sas
> On Jun 5, 2025, at 1:54 AM, Vitaly Kuznetsov wrote:
>
> 'certwrapper' offers _a_ solution which is great. It may, however, not
> be very convenient to use when a user wants to re-use the same OS image
> (e.g. provided by the distro vendor) for various different use-cases as
> proper 'certwrap
> On Jun 2, 2025, at 7:25 AM, Vitaly Kuznetsov wrote:
>
> UEFI SecureBoot 'db' keys are currently not trusted for modules signatures
> verification. RedHat based downstream distros (RHEL, Fedora, ...) carry a
> patch changing that for many years (since 2019 at least). This RFC is an
> attempt t
