The IMA-Appraise capability provides a tamper-proof file system which allows only authorized executables to run on the device.
The tamper-proof file system includes the following capabilities:
- Prevents unauthorized executable applications from running on the device.
- Allows authorized software providers to deploy their applications to the device, where the applications can run without exceptions.
IMA-Appraise is based on confirming that the vendor’s CA certificate has been signed by the owner before installing packages from that vendor.