Hi All,

Now i can see that ima is running using the 'dmesg | grep IMA' that is stated in the section 4 of the install instructions in the patch but I cannot find the mentioned /ima/binary_measurements nor the script print_ima_measuremnts that is mentioned in the section 5 of the instructions.

note that i also tried to see the measurements using

'cat /sys/kernel/security/ima/ascii_runtime_measurements'

 but no file present in "/sys/kernel/security"

please advice what needs to be done in order to read the measurements??


On Feb 5, 2008 4:43 PM, Tamleek Ali <tamleek091@gmail.com> wrote:
Hi All,

I applied the IMA patch  and then compiled the kernel successfully, with the instructions given in the patch. However, still after rebooting and making SELinux disable, i could not see any message regarding IMA in the "dmesg".

If any body can help me regarding installation of IMA, i will very thankful.

Thanking you in advance.

On Feb 5, 2008 12:14 PM, Tamleek Ali <tamleek091@gmail.com> wrote:
i cant see ima enabled in the

    #dmesg | grep ima

the steps that i performed are as follows...

1. downloaded the ibm-ima latest patch from sourceforge.net i.e ibm-ima-patch-2.6.22...

2. based on the patch downloaded the same kernel from kernel.org i.e. linux-2.6.22.tar.gz..

3. copied both the files to /usr/src

4. uncompressed the kernel to get linux-2.6.22 directory in /usr/src

5. cd kernel directory

6. checked whether the patch works

    #patch -p1 --dry-run < ibm-ima-2.6.22.patch
    and then patched successfully
    #cd /usr/src/linux-2.6.22

7. #make ; make modules_install; make install;

8. booted with the kernel with options selinux = 0 ima=1

Now i cannot see any ima in the dmesg.

i need to ask that
1. i dont have a hardware TPM neither have software TPM... will it work without the tpm ??
2. i couldnt do the menuconfig, as it didnt work on my system... can it be a problem??
3. is it nessesary to have the same kernel version as of ima patch??

Help needed please.