Wr-ima-appraise uses IMA Appraisal to prevent loading applications and libraries without authorized signatures.
The IMA-Appraise capability provides a tamper-proof file system which allows only authorized executables to run on the device.
The tamper-proof file system includes the following capabilities:
- Prevents unauthorized executable applications from running on the device.
- Allows authorized software providers to deploy their applications to the device, where the applications can run without exceptions.
IMA-Appraise is based on confirming that the vendor’s CA certificate has been signed by the owner before installing packages from that vendor.
None of the replies address the real query. When should I sign my image ? I get IMA-Appraise and tamper proof system with unsigned image also.