IMA/EVM and dm-crypt
Posted Sep 22, 2012 9:55 UTC (Sat) by Max.Hyre (subscriber, #1054)
In reply to: EPERM? ; performance by scripter
Parent article: LSS: Integrity for directories and special files
Please tell me if I'm missing something here, but ISTM the two techniques are not replacements for each other. WRT offline access, dm-crypt is a superset of IMA/EVM.
IMA/EVM is useful if you want to know whether someone has been monkeying with your hard drive while you weren't looking, but does nothing to protect against the NSA reading your data, whereas dm-crypt ensures both no one has modified your data while the system was down, and no one has accessed it, either.
