Many thanks. Compiling TPM into the kernel worked. I was earlier loading it as a module.
Another question: Does IMA work in a virtual machine? Or, for that matter, is there any way to talk to the TPM (using trousers or tpm-tools) from a virtual machine? I guess this depends on the virtualization tool being used. I have not been able to figure out a way to access the underlying TPM chip directly from a virtual machine.
Another approach could be to write an application which talks to TPM in host OS and then let an application in guest OS call this application in host OS. Can you please give me some pointers in this direction?
Did you compile the TPM into the kernel or is it loaded as a module? It
must be compiled into the kernel.
IMA requires the TPM to be available early at boot time before modules can
Reiner Sailer, RSM and Manager Security Services (GSAL) Team
IBM T J Watson Research Ctr, 19 Skyline Drive, Hawthorne NY 10532
Phone: 914 784 6280 (t/l 863) Fax: 914 784 6205, firstname.lastname@example.org
From: "Lavina Jain" <email@example.com>
Date: 05/09/2008 06:49 AM
Subject: [Linux-ima-user] no TPM chip found
I compiled a new kernel with IMA support by applying
ibm-ima-patch-22.214.171.124.patch and following the instructions in the INSTALL
file. I am able to boot the new kernel, but it cannot find the TPM chip on
The output of "dmesg | grep IMA" is as follows:
[ 5.360000] IBM Integrity Measurement Architecture (IBM IMA v8.3
[ 5.360000] IMA (test mode)
[ 5.360000] IMA (TPM/BYPASS - no TPM chip found)
I am using Lenovo X61 laptop that has Atmel TPM chip. I am able to talk to
TPM using trousers and tpm-tools. Commands like tpm_version are working.
Modules tpm_bios, tpm and tpm_tis are loaded. Any ideas why IMA cannot find
the TPM chip?
"Unravelling life's mysteries and discovering life's secrets may take the
courage and determination found only in a self-motivated pursuit."
- Peter McWilliams
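Added example, not part of the original thread or of the IMA project's code: a shell check of a kernel `.config` for the point made in the reply above, that the TPM driver must be built in (`=y`) rather than modular (`=m`) for IMA to find the chip at boot. The `CONFIG_TCG_*` names are mainline Kconfig symbols and are assumed to apply to the patched kernel discussed here; the sample config is constructed.

```shell
#!/bin/sh
# Classify TPM driver options in a kernel .config as built-in (y), module (m)
# or unset (n). Symbol names are mainline Kconfig names (assumption: the
# patched kernel in this thread uses the same ones).

# state_of CONFIG_FILE SYMBOL -> prints y, m or n
state_of() {
    val=$(sed -n "s/^$2=\([ym]\)\$/\1/p" "$1" | tail -n 1)
    echo "${val:-n}"
}

# tpm_early_ok CONFIG_FILE
#   returns 0: TPM core and at least one chip driver are built in
#   returns 1: TPM support exists only as modules (loaded too late for IMA)
#   returns 2: no TPM support configured
tpm_early_ok() {
    cfg=$1
    core=$(state_of "$cfg" CONFIG_TCG_TPM)
    [ "$core" = n ] && return 2
    [ "$core" = m ] && return 1
    found=n
    for sym in CONFIG_TCG_TIS CONFIG_TCG_ATMEL CONFIG_TCG_NSC CONFIG_TCG_INFINEON; do
        case $(state_of "$cfg" "$sym") in
            y) return 0 ;;
            m) found=m ;;
        esac
    done
    [ "$found" = m ] && return 1
    return 2
}

# Constructed sample: the situation in the thread (drivers built as modules).
sample=$(mktemp)
cat > "$sample" <<'EOF'
CONFIG_TCG_TPM=m
CONFIG_TCG_TIS=m
# CONFIG_TCG_ATMEL is not set
EOF
rc=0; tpm_early_ok "$sample" || rc=$?
case $rc in
    0) echo "TPM driver built in: available before modules load" ;;
    1) echo "TPM driver is modular: rebuild with =y" ;;
    2) echo "no TPM driver configured" ;;
esac
rm -f "$sample"
```

To check a real build, pass the path of the kernel's own config file to `tpm_early_ok` in place of the sample.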