Re: [Linux-ima-user] IMA installation problem...

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Thanks Kent and Saurabh

The problem was with securityfs... i have edited '/etc/fstab ' for
securityfs and its automatically mounted. Problem with ima is solved.
Now my software TPM is not working, i have already some email exchanged with
Mario Stressor regarding software TPM installation but could get through it.
The error i get is
"Can't open TPM driver!"
Any help or link regarding software TPM installation will be greatly
appriciated.

Regards,

On Feb 6, 2008 8:15 PM, Kent Yoder <shp...@gm...> wrote:

> Hi Tamleek,
>
>  You probably don't have securityfs mounted.  IIRC you can mount it with:
>
> # mount -t securityfs securityfs /sys/kernel/security
>
> Kent
>
> On Feb 6, 2008 5:02 AM, Tamleek Ali <tam...@gm...> wrote:
> > Hi All,
> >
> > Now i can see that ima is running using the 'dmesg | grep IMA' that is
> > stated in the section 4 of the install instructions in the patch but I
> > cannot find the mentioned /ima/binary_measurements nor the script
> > print_ima_measuremnts that is mentioned in the section 5 of the
> > instructions.
> >
> > note that i also tried to see the measurements using
> >
> > 'cat /sys/kernel/security/ima/ascii_runtime_measurements'
> >
> >  but no file present in "/sys/kernel/security"
> >
> > please advice what needs to be done in order to read the measurements??
> >
> > Regards
> > Khanjee
> >
> >
> >
> > On Feb 5, 2008 4:43 PM, Tamleek Ali <tam...@gm...> wrote:
> > > Hi All,
> > >
> > > I applied the IMA patch  and then compiled the kernel successfully,
> with
> > the instructions given in the patch. However, still after rebooting and
> > making SELinux disable, i could not see any message regarding IMA in the
> > "dmesg".
> > >
> > > If any body can help me regarding installation of IMA, i will very
> > thankful.
> > >
> > > Thanking you in advance.
> > > Khanjee
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > > On Feb 5, 2008 12:14 PM, Tamleek Ali <tam...@gm...> wrote:
> > >
> > > > i cant see ima enabled in the
> > > >
> > > >     #dmesg | grep ima
> > > >
> > > > the steps that i performed are as follows...
> > > >
> > > > 1. downloaded the ibm-ima latest patch from sourceforge.net i.e
> > ibm-ima-patch-2.6.22...
> > > >
> > > > 2. based on the patch downloaded the same kernel from kernel.org i.e
> .
> > linux-2.6.22.tar.gz..
> > > >
> > > > 3. copied both the files to /usr/src
> > > >
> > > > 4. uncompressed the kernel to get linux-2.6.22 directory in /usr/src
> > > >
> > > > 5. cd kernel directory
> > > >
> > > > 6. checked whether the patch works
> > > >
> > > >     #patch -p1 --dry-run < ibm-ima-2.6.22.patch
> > > >     and then patched successfully
> > > >     #cd /usr/src/linux-2.6.22
> > > >
> > > > 7. #make ; make modules_install; make install;
> > > >
> > > > 8. booted with the kernel with options selinux = 0 ima=1
> > > >
> > > > Now i cannot see any ima in the dmesg.
> > > >
> > > > i need to ask that
> > > > 1. i dont have a hardware TPM neither have software TPM... will it
> work
> > without the tpm ??
> > > > 2. i couldnt do the menuconfig, as it didnt work on my system... can
> it
> > be a problem??
> > > > 3. is it nessesary to have the same kernel version as of ima patch??
> > > >
> > > > Help needed please.
> > > >
> > > >
> > > > Khanjee
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > >
> > >
> >
> >
> >
> -------------------------------------------------------------------------
> > This SF.net email is sponsored by: Microsoft
> > Defy all challenges. Microsoft(R) Visual Studio 2008.
> > http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
> > _______________________________________________
> > Linux-ima-user mailing list
> > Lin...@li...
> > https://lists.sourceforge.net/lists/listinfo/linux-ima-user
> >
> >
>
>
>
> --
> Kent Yoder
> IBM LTC Security Dev.
>