IMA (Integrity Measurement Architecture) is somewhat newish in-kernel security framework to allow ensuring the integrity of a system by preventing access or executing tampered files. See https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/managing_monitoring_and_updating_the_kernel/enhancing-security-with-the-kernel-integrity-subsystem_managing-monitoring-and-updating-the-kernel. Note that as of today the documentation does not yet mention the newly added ima-setup tool which greatly simplifies IMA setup.

Consider if/how IMA should be supported by RHEL Image Builder. Should it be documented (officially or RHKB article or blog post) how to use a firstboot script to configure that? Or should there be a new customization option that would do everything needed if enabled? Or perhaps something else?

Thanks.