Hi Reiner,

Many thanks. Compiling TPM into the kernel worked. I was earlier loading it as a module.
Another question: Does IMA work in a virtual machine? Or, for that matter, is there any way to talk to the TPM (using trousers or tpm-tools) from a virtual machine? I guess this depends on the virtualization tool being used. I have not been able to figure out a way to access the underlying TPM chip directly from a virtual machine.

Another approach could be to write an application which talks to the TPM in the host OS and then let an application in the guest OS call this application in the host OS. Can you please give me some pointers in this direction?

Kind Regards,
Lavina

On Fri, May 9, 2008 at 10:09 PM, Reiner Sailer <sailer@us.ibm.com> wrote:
Hi Lavina,

Did you compile the TPM into the kernel or is it loaded as a module? It
must be compiled into the kernel.

IMA requires the TPM to be available early at boot time before modules can
be loaded.

Reiner
__________________________________________________________
Reiner Sailer, RSM and Manager Security Services (GSAL) Team
IBM T J Watson Research Ctr, 19 Skyline Drive, Hawthorne NY 10532
Phone: 914 784 6280  (t/l 863)  Fax: 914 784 6205, sailer@us.ibm.com
http://www.research.ibm.com/people/s/sailer/



From:    "Lavina Jain" <lavina.jain@gmail.com>
To:      linux-ima-user@lists.sourceforge.net
Date:    05/09/2008 06:49 AM
Subject: [Linux-ima-user] no TPM chip found

Hi,

I compiled a new kernel with IMA support by applying
ibm-ima-patch-2.6.22.9.patch and following the instructions in the INSTALL
file. I am able to boot the new kernel, but it cannot find the TPM chip on
my laptop.
The output of "dmesg | grep IMA" is as follows:

[    5.360000] IBM Integrity Measurement Architecture (IBM IMA v8.3 10/09/2007).
[    5.360000]     IMA (test mode)
[    5.360000]     IMA (TPM/BYPASS - no TPM chip found)

I am using a Lenovo X61 laptop that has an Atmel TPM chip. I am able to talk to
the TPM using trousers and tpm-tools. Commands like tpm_version are working.
Modules tpm_bios, tpm and tpm_tis are loaded. Any ideas why IMA cannot find
the TPM chip?

Kind Regards,
Lavina

--
"Unravelling life's mysteries and discovering life's secrets may take the
courage and determination found only in a self-motivated pursuit."
- Peter McWilliams
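
The requirement from Reiner's reply (TPM support built into the kernel, not loaded as a module) can be checked against a kernel .config before rebuilding. This is an added example, not part of the original thread: the function names and sample configs are constructed, and CONFIG_TCG_TIS is assumed as the chip driver because the thread lists tpm_tis as loaded.

```shell
#!/bin/sh
# Added example: report whether the TPM drivers in a kernel .config are
# built in (=y) or modular (=m). IMA initialises before modules can load,
# so a modular TPM driver leads to the "TPM/BYPASS" message in the thread.

# tpm_opt_state CONFIG_FILE OPTION -> prints builtin | module | off
tpm_opt_state() {
    case "$(grep -E "^$2=" "$1" 2>/dev/null | tail -n 1)" in
        *=y) echo builtin ;;
        *=m) echo module ;;
        *)   echo off ;;   # absent or "# ... is not set"
    esac
}

# ima_tpm_check CONFIG_FILE [CHIP_DRIVER_OPTION]
# Returns 0 only if the TPM core and the chip driver are both built in.
ima_tpm_check() {
    cfg=$1; chip=${2:-CONFIG_TCG_TIS}; rc=0
    for opt in CONFIG_TCG_TPM "$chip"; do
        state=$(tpm_opt_state "$cfg" "$opt")
        echo "$opt: $state"
        [ "$state" = builtin ] || rc=1
    done
    if [ "$rc" -ne 0 ]; then
        echo "TPM not available at early boot: IMA will not find the chip"
    fi
    return "$rc"
}

# Constructed sample configs: the failing (modular) and working (built-in) cases.
write_samples() {
    cat > "$1/module.config" <<'EOF'
CONFIG_TCG_TPM=m
CONFIG_TCG_TIS=m
# CONFIG_TCG_ATMEL is not set
EOF
    cat > "$1/builtin.config" <<'EOF'
CONFIG_TCG_TPM=y
CONFIG_TCG_TIS=y
# CONFIG_TCG_ATMEL is not set
EOF
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
ima_tpm_check "$demo_dir/module.config" || true
ima_tpm_check "$demo_dir/builtin.config"
rm -rf "$demo_dir"
```

On a real system, pass the .config of the kernel tree being built as the first argument, and a different driver option as the second if the chip is not driven by tpm_tis.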