RHEL-33752

Make IMA related paths more consistent

    • Bug
    • Resolution: Unresolved
    • rhel-9.4
    • ima-evm-utils
    • rhel-sst-kernel-security
    • ssg_core_kernel

      There are two areas where IMA related paths could hopefully be made more consistent:

      a) The IMA certificate should be stored in a non-changing directory instead of the current /usr/share/doc/kernel-keys/$(uname -r)/ima.cer.

      b) /usr/lib64/systemd/libsystemd-core-252.so has the string /etc/ima/ima-policy, but dracut seems to use /etc/keys but also /etc/sysconfig/ima and /etc/sysconfig/ima-policy. Our documentation [1] also talks about /etc/keys, /etc/keys/ima, and /etc/ima/keys. It is unhelpful to have so many paths involved, and it's unclear which ones should be preferred.

      I'm not sure whether it is still possible to unify the different components to use the same path, but at least we could use as few path variations as possible and hopefully also stick with only one related path in the documentation.

      [1] https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/managing_monitoring_and_updating_the_kernel/enhancing-security-with-the-kernel-integrity-subsystem_managing-monitoring-and-updating-the-kernel

      Thanks.

      [This issue might have incorrect component and type, please adjust accordingly.]

              coxu@redhat.com Coiby Xu
              myllynen Marko Myllynen
              Coiby Xu
              Security Kernel
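An added example, not part of the original issue or of any Red Hat tooling: a POSIX shell check that lists which of the paths named in the description exist under a given root and reports whether the two policy-file locations hold different content. The function names, the optional root-prefix argument and the status words are assumptions made for this example; the paths themselves are the ones quoted in the issue.

```shell
#!/bin/sh
# Added example: inventory the IMA-related paths named in this issue.
# ROOT is an optional prefix (e.g. a mounted image); empty means the live host.

# Print every path from the issue description that exists under ROOT.
ima_paths_present() {
    root="${1:-}"
    kver="${2:-$(uname -r)}"
    for p in \
        "/usr/share/doc/kernel-keys/${kver}/ima.cer" \
        /etc/ima/ima-policy \
        /etc/sysconfig/ima \
        /etc/sysconfig/ima-policy \
        /etc/keys \
        /etc/keys/ima \
        /etc/ima/keys
    do
        if [ -e "${root}${p}" ]; then
            printf '%s\n' "$p"
        fi
    done
}

# Compare the two policy-file locations the issue mentions.
# Prints one of: none, single, identical, conflict (labels made up here).
ima_policy_status() {
    root="${1:-}"
    a="${root}/etc/ima/ima-policy"
    b="${root}/etc/sysconfig/ima-policy"
    if [ -f "$a" ] && [ -f "$b" ]; then
        if cmp -s "$a" "$b"; then
            echo identical
        else
            echo conflict
        fi
    elif [ -f "$a" ] || [ -f "$b" ]; then
        echo single
    else
        echo none
    fi
}

# Report for the live host, or for the root given as the first argument.
ima_paths_present "${1:-}"
echo "policy files: $(ima_policy_status "${1:-}")"
```

A `conflict` result means the two policy files differ, so the policy that ends up loaded depends on which component reads its own location.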