> On Fri, 2025-02-21 at 09:16 +0100, Petr Vorel wrote:
> > > On Thu, 2025-02-20 at 22:43 +0100, Petr Vorel wrote:
> > > > > On Thu, 2025-02-20 at 15:22 -0500, Mimi Zohar wrote:
> > > > > > On Thu, 2025-02-20 at 20:13 +0100, Petr Vorel wrote:
> > > > > > > > On Thu, 2025-02-20 at 19:16 +0100, Petr V
On Fri, 2025-02-21 at 09:16 +0100, Petr Vorel wrote:
> > On Thu, 2025-02-20 at 22:43 +0100, Petr Vorel wrote:
> > > > On Thu, 2025-02-20 at 15:22 -0500, Mimi Zohar wrote:
> > > > > On Thu, 2025-02-20 at 20:13 +0100, Petr Vorel wrote:
> > > > > > > On Thu, 2025-02-20 at 19:16 +0100, Petr Vorel wrote
Test requires not only func=CRITICAL_DATA IMA policy content but also
ima_policy=critical_data kernel cmdline. Without cmdline no measures are
done.
https://ima-doc.readthedocs.io/en/latest/ima-policy.html#ima-policy-critical-data
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/
On Fri, Feb 21, 2025 at 12:44:45PM +, Jonathan McDowell wrote:
> On Thu, Feb 20, 2025 at 09:42:28AM +0100, Michal Suchánek wrote:
> > On Wed, Feb 19, 2025 at 10:29:45PM +, Jonathan McDowell wrote:
> > > On Wed, Jan 29, 2025 at 04:27:15PM +0100, Michal Suchánek wrote:
> > > > Hello,
> > > >
On Wed, Feb 19, 2025 at 10:29:45PM +, Jonathan McDowell wrote:
> On Wed, Jan 29, 2025 at 04:27:15PM +0100, Michal Suchánek wrote:
> > Hello,
> >
> > there is a problem report that booting a specific type of system about
> > 0.1% of the time encrypted volume (using a PCR to release the key) fai
On Mon, Feb 10, 2025 at 07:32:53PM +0200, Jarkko Sakkinen wrote:
> On Mon Feb 10, 2025 at 6:18 PM EET, Jonathan McDowell wrote:
> > Who then handles the ERESTARTSYS though? Part of the issues we've seen
> > is the failure happens in a context save or load, which is all within
> > the kernel rather
Default value was suitable only for x86_64. This helps to use other
archs on distros which set $BOOT_IMAGE.
Signed-off-by: Petr Vorel
---
NOTE: this will not help for non-x86_64 archs on distros which don't
specify BOOT_IMAGE on kernel command line (e.g. aarch64 or ppc64le).
But unless I get repo
