Now i can see that ima is running using the 'dmesg | grep IMA' that is stated in the section 4 of the install instructions in the patch but I cannot find the mentioned /ima/binary_measurements nor the script print_ima_measuremnts that is mentioned in the section 5 of the instructions.
note that i also tried to see the measurements using
but no file present in "/sys/kernel/security"
please advice what needs to be done in order to read the measurements??
I applied the IMA patch and then compiled the kernel successfully, with the instructions given in the patch. However, still after rebooting and making SELinux disable, i could not see any message regarding IMA in the "dmesg".
If any body can help me regarding installation of IMA, i will very thankful.
Thanking you in advance.
KhanjeeOn Feb 5, 2008 12:14 PM, Tamleek Ali <firstname.lastname@example.org> wrote:
i cant see ima enabled in the
#dmesg | grep ima
the steps that i performed are as follows...
1. downloaded the ibm-ima latest patch from sourceforge.net i.e ibm-ima-patch-2.6.22...
2. based on the patch downloaded the same kernel from kernel.org i.e. linux-2.6.22.tar.gz..
3. copied both the files to /usr/src
4. uncompressed the kernel to get linux-2.6.22 directory in /usr/src
5. cd kernel directory
6. checked whether the patch works
#patch -p1 --dry-run < ibm-ima-2.6.22.patch
and then patched successfully
7. #make ; make modules_install; make install;
8. booted with the kernel with options selinux = 0 ima=1
Now i cannot see any ima in the dmesg.
i need to ask that
1. i dont have a hardware TPM neither have software TPM... will it work without the tpm ??
2. i couldnt do the menuconfig, as it didnt work on my system... can it be a problem??
3. is it nessesary to have the same kernel version as of ima patch??
Help needed please.