Package ima-evm-integrity-check: Information

    Source package: ima-evm-integrity-check
    Version: 0.8.0-alt1
    Build time:  Jul 31, 2025, 08:59 PM
    Category: System/Base
    License: GPLv2+
    Summary: IMA/EVM integrity check
    Description: 
    This package makes use of the IMA and EVM technologies from the Linux
    integrity subsystem. Basically IMA and EVM provide the following
    functionality:
    
    - measurement (hashing) of file content as it is accessed and keeping
      track of this information in an audit log;
    - appraisal of files, which makes it possible to prevent access when
      a measurement (hash) or digital signature does not match
      the expected value.
    
    This package requires a kernel with the corresponding config options enabled.

    List of RPM packages built from this SRPM:
    ima-evm-integrity-check (noarch)
    make-initrd-integrity (noarch)

    Maintainer: Paul Wolneykien


      1. bash4
      2. rpm-build-licenses

    Last changed


    July 31, 2025 Paul Wolneykien 1:0.8.0-alt1
    - Updated the README file.
    - Write integrity-applier messages to log file in --auto mode.
    - Don't require ima_appraise=fix in order to sign files.
    - Read and write the command-line options from/to state dir in --auto mode.
    - Directly use the main config instead of evm_mode file when applying
      and checking EVM.
    - Use independent openssl.cnf for certificate generation.
    - Fix: Document the GOST_PARAMSET configuration option.
    - Fix: Don't insert GOST kernel modules when signing the files.
    - integrity-sign: Improve the check for incompatible options.
    - Added -B | --basename command-line option.
    - Add command-line and configuration options to control overwrite
      of existing signatures.
    - Fix: Check access to the private key when signing the files.
    - integrity-sign: Don't write messages to log file by default.
    - Don't generate a new certificate without -U | --update option.
    - Update the main manual page (trusted keyring + configuration
      options).
    - Added integrity-sign(8) manual page.
    - Don't load any keys into userspace when signing the files.
    - Added -U | --update option.
    - Better messaging on verification mode: N/A (reason), BAD, OK.
    - Improved --verify mode: Search for keys loaded into the IMA keyring
    - Make the initrd script not abort on key related errors by default.
    - Introduce SECONDARY_SUFFIX option to load CA certs.
    - Added CERT_BASENAME configuration option.
    - Allow to sign files using only the private key.
    - Optionally, protect the keys and keyrings.
    - Use `keyctl id` to search for a keyring ID.
    - Add IMA_KEYRING configuration option.
    - Add support for --cert and --key options.
    - Initialize kmk-user in EVM mode only.
    - Fix: Specify that v0.7.5-alt1 closes 48556.
    - Fix: Use standalone OpenSSL configuration.
    - Write /tmp/integrity.log at initrd stage for debug purposes.
    May 29, 2025 Paul Wolneykien 1:0.7.9-alt1
    - Fixed reconfiguration error for bootloaders other than GRUB.
    May 13, 2025 Anton Midyukov 1:0.7.8-alt1
    - integrity-sign: add extra library extension support