F37 and Integrity Measurement Architecture

As I was exploring Linux today, I turned my attention to the Linux IMA. The IMA seems to be very useful for helping maintain security. Though the PCs have TPM2, I do not have secure boot running and do not plan to employ that. However, it does not seem that the IMA is only applicable to that configuration.

I checked the files in /sys/kernel/security/ima/ and they indicate no activity of IMA. I also checked the kernel command line and there is no “ima=on ima_policy=policy”.

I am curious why IMA is not set up on Fedora Workstation. I’m also wondering if there are issues with setting up IMA in Workstation.

Thanks in advance for any help or advice you can provide.
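A check of the same two places the post above looked at, written as an added example (it is not from the thread or from Fedora). The `idle`/`active` labels and the fixture values are constructed, and it assumes that a kernel with no IMA policy loaded records only the `boot_aggregate` entry.

```sh
#!/bin/sh
# Added example: classify IMA state from the securityfs files and the kernel
# command line. Paths are arguments so it can run on a copy or a fixture.

# ima_status IMA_DIR CMDLINE_FILE -> prints unavailable | idle | active
ima_status() {
    ima_dir=$1
    cmdline_file=$2
    # The securityfs files are normally readable by root only.
    [ -r "$ima_dir/runtime_measurements_count" ] || { echo unavailable; return 0; }
    count=$(cat "$ima_dir/runtime_measurements_count")
    violations=$(cat "$ima_dir/violations" 2>/dev/null || echo 0)
    # Count kernel parameters that start with "ima_" (ima_policy=, ima_appraise=, ...).
    params=$(tr ' ' '\n' < "$cmdline_file" | grep -c '^ima_' || true)
    if [ "$count" -le 1 ] && [ "$violations" -eq 0 ] && [ "$params" -eq 0 ]; then
        echo idle      # nothing beyond the boot_aggregate entry (assumed meaning)
    else
        echo active
    fi
}

# ima_measured_files IMA_DIR -> prints measured paths other than boot_aggregate
ima_measured_files() {
    # Fields: PCR, template hash, template name, file hash, file name.
    awk '$5 != "boot_aggregate" { print $5 }' "$1/ascii_runtime_measurements"
}

# Constructed fixture: a system with no IMA policy loaded.
fixture=$(mktemp -d)
echo 1 > "$fixture/runtime_measurements_count"
echo 0 > "$fixture/violations"
echo "10 0000000000000000000000000000000000000000 ima-ng sha256:0000 boot_aggregate" \
    > "$fixture/ascii_runtime_measurements"
echo "BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro quiet" > "$fixture/cmdline"

echo "fixture: $(ima_status "$fixture" "$fixture/cmdline")"
# On a live system (as root):
#   ima_status /sys/kernel/security/ima /proc/cmdline
```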

IMA isn’t just something you turn on and your system is magically more secure. Some of the required parts have landed (see Changes/Signed RPM Contents - Fedora Project Wiki), but there’s a lot more to do.

If you’re interested in working on this further (and bringing it from Fedora IoT edition to Fedora Workstation), there’s certainly room for that.

Yes, I have read about IMA at:

I understand that there is a certain amount of configuration to do. The feature I am most interested in is detecting if files have been modified.

I read the link you provided. I’m guessing that at this point no one is thinking about or working on bringing this to Workstation. If this is wrong, please let me know if there is someone I should contact to see if I can help. Otherwise, as a learning experience, after F38 is released, I think I will see if I can get it working in F38. Is it possible someone on the IoT team would be willing to help with questions as I proceed with the actual work?