Hi, I'm currently evaluating the IMA (Integrity Measurement Architecture) for the security team. This is basically enabled in our current Leap and SLE-12 kernels but not in Tumbleweed. For harmonization and because I'd like to test IMA with a current kernel on Tumbleweed, could you please enable the following kernel configuration options: CONFIG_IMA=y CONFIG_IMA_READ_POLICY=y CONFIG_IMA_APPRAISE=y CONFIG_IMA_APPRAISE_BOOTPARAM=y CONFIG_IMA_NG_TEMPLATE=y CONFIG_IMA_DEFAULT_TEMPLATE="ima-ng" CONFIG_IMA_DEFAULT_HASH="sha256" CONFIG_IMA_DEFAULT_HASH_SHA256=y CONFIG_EVM=y CONFIG_EVM_ATTR_FSUUID=y But *without* CONFIG_IMA_TRUSTED_KEYRING and CONFIG_INTEGRITY_TRUSTED_KEYRING (those don't make sense as long as we have no possibility to sign third party keys). See bnc#1075517. For more information about what IMA does I've written up documentation in https://en.opensuse.org/SDB:Ima_evm. Thank you Matthias -- Matthias Gerstner <matthias.gerstner@suse.de> Dipl.-Wirtsch.-Inf. (FH), Security Engineer https://www.suse.com/security Telefon: +49 911 740 53 290 GPG Key ID: 0x14C405C971923553 SUSE Linux GmbH GF: Felix Imendörffer, Jane Smithard, Graham Norton HRB 21284 (AG Nuernberg)