Bug 2068056

Summary: Clarify IMA/EVM Support Status
Product: Red Hat Enterprise Linux 9 Reporter: Marko Myllynen <myllynen>
Component: Documentation Assignee: Jana Heves <jsvarova>
Documentation sub component: default QA Contact:
Status: CLOSED WONTFIX Docs Contact:
Severity: unspecified    
Priority: medium CC: coxu, jklech, mtguarnera, perobins, plambri
Version: 9.0 Keywords: Documentation, Triaged
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
: 2164430 Environment:
Last Closed: 2023-05-26 12:40:32 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2164430    

Description Marko Myllynen 2022-03-24 11:14:38 UTC
Document URL: 
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9-beta/html/managing_monitoring_and_updating_the_kernel/enhancing-security-with-the-kernel-integrity-subsystem_managing-monitoring-and-updating-the-kernel

Section Number and Name: 
Chapter 22. Enhancing security with the kernel integrity subsystem

Describe the issue: 
The document describes the basics of IMA/EVM with some examples but fails to mention notable implementation shortcomings, such as EVM not being enabled on boot even after setting it up according to the document.

It looks like IMA/EVM would need more work to be ready for production use with RHEL; however, the document gives the impression that IMA/EVM has no support limitations.

Suggestions for improvement: 
Clarify which features of IMA/EVM are fully supported on RHEL (if any) and which are Tech Preview or Unsupported.

Additional information: 
I've created an Ansible role to set up IMA/EVM, which might be helpful for testing and verifying IMA/EVM setups; see https://github.com/myllynen/rhel-ansible-roles/tree/master/roles/ima_evm_setup.