Hi Mimi,

I used your latest test code and added ima_tcb and ima=on to the kernel cmds.  I still got the the same error. Any suggestions? - Thanks.


-bash-4.1# ./ima_measure /sys/kernel/security/tpm0/binary_bios_measurements --verbose
### PCR HASH                                  TEMPLATE-NAME
  0 000  08 00 00 00 29 8D F1 25 B2 60 EF 64 20 1B DF 08 15 C0 03 87248900926 ERROR: event name too long!


-bash-4.1# cat /proc/cmdline
initrd=initramfs-2.6.32-131.6.1.el6.cs.x86_64.img mem=8G root=xyz rw ima_tcb ima=on BOOT_IMAGE=vmlinuz-2.6.32-131.6.1.el6.cs.x86_64

Regards,

David



On Thu, Aug 4, 2011 at 3:38 PM, Mimi Zohar <zohar@linux.vnet.ibm.com> wrote:
On Thu, 2011-08-04 at 10:55 -0700, David Li wrote:
> Hi Mimi,
>
>
> My HS22 is running RHEL6:
>
>
> -bash-4.1# uname -r
> 2.6.32-131.6.1.el6.cs.x86_64
>
>
> The machine is PXEBooted:
>
>
> -bash-4.1# cat /proc/cmdline
> initrd=initramfs-2.6.32-131.6.1.el6.cs.x86_64.img mem=8G root=<xyz> rw
> BOOT_IMAGE=vmlinuz-2.6.32-131.6.1.el6.cs.x86_64

IMA is enabled in RHEL6 by default, but to collect measurements requires
replacing the null policy with the TCB one, by specifying the 'ima_tcb'
boot command line parameter. In addition, you might need to specify the
'ima=on' parameter as well.

Instead of downloading the individual IMA test programs and the LTP
'glue' (eg. include files, definitions and stub functions) separately,
the new ltp-ima-standalone tar file includes the IMA tests.
(http://downloads.sf.net/project/linux-ima/linux-ima/ltp-ima-standalone.tar.gz)
(The IMA LTP test programs require the openssl and openssl-devel
packages.)

thanks,

Mimi