**** BEGIN LOGGING AT Fri Apr 16 03:00:29 2021 Apr 16 11:33:04 hello all, Apr 16 11:33:04 I am trying to secure boot linux. My hardware is a freescale arm64 i.MX8M mini SOC based platform. Apr 16 11:33:05 I am using meta-security/meta-integrity to sign my rootfs. For some reason my keys are not getting Apr 16 11:33:05 loaded by linux integrity subsystem: Apr 16 11:33:06 integrity: Loading X.509 certificate: /etc/keys/x509_ima.der Apr 16 11:33:06 integrity: Problem loading X.509 certificate -126 Apr 16 11:33:17 any pointers/suggestions ? Thank you Apr 16 11:55:55 suniel, without directory appraisal I'd recommend against using IMA/EVM for secure boot Apr 16 11:56:17 (without it, an attacker could just mv /bin/bash /sbin/init) Apr 16 11:56:59 hmm Apr 16 12:15:19 suniel, did you see my message? Apr 16 12:15:25 any pointers/suggestions ? Thank you Apr 16 12:15:26 suniel, without directory appraisal I'd recommend against using IMA/EVM for secure boot Apr 16 12:15:26 (without it, an attacker could just mv /bin/bash /sbin/init) Apr 16 12:20:52 shoragan: I think I am doing directory appraisal. I have passed kernel command parameter ima_policy=appraise_tcb Apr 16 12:22:12 linux integrity susbsystem gives me error -126 while loading certificates Apr 16 12:22:30 error 126: required key not available Apr 16 12:22:46 is it something wrong with certificate format ? Apr 16 13:00:38 suniel, as far as i know, directory appraisal was never mainlined Apr 16 13:09:36 shoragan: then i might not be using directory appraisal **** ENDING LOGGING AT Sat Apr 17 02:59:57 2021