On Aug 3, 2016 3:09 PM, "James Bottomley" <James.Bottomley@hansenpartnership.com> wrote:

> >
> > I'm not personally too worried about verifying initramfs -- initramfs
> > is functionally equivalent to the root filesystem, and they ought to
> > be verifiable the same way.
>
> Yes, but if you worry about protecting yourself from hackers, IMA can
> verify no-one tampers with your rootfs; what verifies that no-one
> tampers with your initrd (which is a very powerful instrument to
> subvert a Linux boot)?

IMA? A while ago I suggested adding tar parsing with xattrs to initramfs, and I'm not sure what went wrong with that idea.