From: Shaz <sha...@gm...> - 2009-06-13 04:51:58
On Sat, Jun 13, 2009 at 9:36 AM, Shahbaz Khan <sha...@gm...> wrote:
>
> On Fri, 2009-06-12 at 20:44 +0600, Shahbaz Khan wrote:
> > On Fri, Jun 12, 2009 at 8:33 PM, Shahbaz Khan<sha...@gm...> wrote:
> > > On Fri, Jun 12, 2009 at 11:59 AM, Shahbaz Khan<sha...@gm...> wrote:
> > >> Hi,
> > >>
> > >> I am using Intel Q45 Express chipset with TPM version 1.2 specs of
> > >> TCG. The kernel version is 2.6.30. Problem is that the TPM drivers
> > >> cannot provide functionality to the TCG TSS giving error message:
> > >>
> > >> "TCSD TDDL ERROR: Could not find a device to open!"
> > >>
> > >> The device node in /dev is also not being created which should be
> > >> "/dev/tpm". If created manually then still it does not work.
>
> Someone mentioned that there are problems with the Intel chip, but
> you're better off searching the tpmdd-devel list. Perhaps this applies:
> http://sourceforge.net/mailarchive/forum.php?thread_name=200811280943427180885%40gmail.com&forum_name=tpmdd-devel
>
> > > The same is true for the IMA service. I checked the kernel security
> > > configuration for IMA test mode like in conventional IMA but could not
> > > find any IMA test mode. Can we somehow run this new integrity module
> > > without IMA?
> >
> > Sorry, I meant without TPM. Can IMA service run without TPM?
>
> Thanks for clarifying. Yes, it goes into Bypass mode if it doesn't find
> a TPM. The first entry containing the boot-aggregate
> in /sys/kernel/security/ima/ascii_runtime_measurements will be 0.
>
> > >
> > > I get "TPM Device not found: TPM Bypass" and no directories are
> > > created in /sys/kernel/security for IMA. Similar issues are also being
> > > faced in 2.6.26-rc8.
>
> Is securityfs mounted? In addition, you'll want to mount the filesystem
> with i_version support.

Thanks Mimi. Got IMA working without TPM. I have no idea what this i_version is and how to enable it? Can someone please indicate some information on this?

>
> > >>
> > >> What should be done?
> > >>
> > >> Thanks.
> > >>
> > >> --
> > >> Shaz
>
> I've added IMA testcases to LTP.

I am interested in measuring SELinux policies, especially the loadable policy modules. I was not able to comprehend LTP scripts clearly. /sys/kernel/security/ima/policy vanishes if I try to open it for writing into it! This was my comprehension of the LTP script load_policy.sh :( Please some help needed here to understand. Some indication to good literature will be appreciated. I am well read on conventional IMA (LSM based) and SELinux so what else should be read to understand how LIM based IMA works.

>
> Mimi

Apologies for the messy email. Had to do this for record.

--
Shaz
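
The two checks raised in the thread (is securityfs mounted, and does the boot_aggregate entry read as zero, meaning TPM bypass), written as shell functions. This is an added example, not part of the original messages or of the IMA or LTP code; the function names, the sample digests and the assumed measurement-line layout are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Each function takes a file path, so it
# works on the live kernel files or on the constructed samples below.

# Exit 0 if MOUNTS_FILE (format of /proc/mounts) lists a securityfs mount.
securityfs_mounted() {
    awk '$3 == "securityfs" { found = 1 } END { exit !found }' "$1"
}

# Print "bypass" if the boot_aggregate digest is all zeros (no TPM found),
# "tpm" if it is non-zero, "unknown" if there is no boot_aggregate entry.
# Assumed layout: PCR template-hash template-name file-hash file-name;
# an optional "algo:" prefix on the file hash is stripped.
ima_tpm_state() {
    awk '
        $NF == "boot_aggregate" {
            h = $4
            sub(/^[a-z0-9]+:/, "", h)
            state = (h ~ /^0+$/) ? "bypass" : "tpm"
            print state
            seen = 1
            exit
        }
        END { if (!seen) print "unknown" }
    ' "$1"
}

# Constructed sample data (digests are made up for illustration).
sample_mounts() {
    printf '%s\n' \
        'proc /proc proc rw 0 0' \
        'none /sys/kernel/security securityfs rw 0 0'
}
sample_measurements_bypass() {
    printf '%s\n' \
        '10 1111111111111111111111111111111111111111 ima 0000000000000000000000000000000000000000 boot_aggregate' \
        '10 2222222222222222222222222222222222222222 ima 3333333333333333333333333333333333333333 /sbin/init'
}

# With no arguments, check the live system; otherwise pass two file paths.
ima_report() {
    mounts=${1:-/proc/mounts}
    meas=${2:-/sys/kernel/security/ima/ascii_runtime_measurements}
    securityfs_mounted "$mounts" || { echo "securityfs: not mounted"; return 1; }
    [ -r "$meas" ] || { echo "IMA: $meas not readable"; return 1; }
    echo "securityfs: mounted; IMA TPM state: $(ima_tpm_state "$meas")"
}
```

Source the file and call `ima_report` as root to check the running kernel. The i_version support mentioned in the thread corresponds to the `iversion` option of mount(8), for example `mount -o remount,iversion /`.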