From: Shaz <sha...@gm...> - 2009-06-13 07:43:35

On Sat, Jun 13, 2009 at 10:51 AM, Shaz<sha...@gm...> wrote:
> On Sat, Jun 13, 2009 at 9:36 AM, Shahbaz Khan <sha...@gm...> wrote:
>>
>> On Fri, 2009-06-12 at 20:44 +0600, Shahbaz Khan wrote:
>> > On Fri, Jun 12, 2009 at 8:33 PM, Shahbaz Khan<sha...@gm...> wrote:
>> > > On Fri, Jun 12, 2009 at 11:59 AM, Shahbaz Khan<sha...@gm...> wrote:
>> > >> Hi,
>> > >>
>> > >> I am using Intel Q45 Express chipset with TPM version 1.2 specs of
>> > >> TCG. The kernel version is 2.6.30. Problem is that the TPM drivers
>> > >> cannot provide functionality to the TCG TSS giving error message:
>> > >>
>> > >> "TCSD TDDL ERROR: Could not find a device to open!"
>> > >>
>> > >> The device node in /dev is also not being created which should be
>> > >> "/dev/tpm". If created manually then still it does not work.
>>
>> Someone mentioned that there are problems with the Intel chip, but
>> you're better off searching the tpmdd-devel list. Perhaps this applies:
>> http://sourceforge.net/mailarchive/forum.php?thread_name=200811280943427180885%40gmail.com&forum_name=tpmdd-devel
>>
>> > > The same is true for the IMA service. I checked the kernel security
>> > > configuration for IMA test mode like in conventional IMA but could not
>> > > find any IMA test mode. Can we somehow run this new integrity module
>> > > without IMA?
>> >
>> > Sorry, I meant without TPM. Can IMA service run without TPM?
>>
>> Thanks for clarifying. Yes, it goes into Bypass mode if it doesn't find
>> a TPM. The first entry containing the boot-aggregate
>> in /sys/kernel/security/ima/ascii_runtime_measurements will be 0.
>>
>> > >
>> > > I get "TPM Device not found: TPM Bypass" and no directories are
>> > > created in /sys/kernel/security for IMA. Similar issues are also being
>> > > faced in 2.6.26-rc8.
>>
>> Is securityfs mounted? In addition, you'll want to mount the filesystem
>> with i_version support.
>
> Thanks Mimi. Got IMA working without TPM. I have no idea what this
> i_version is and how to enable it? Can someone please indicate some
> information on this?
>
>>
>> > >>
>> > >> What should be done?
>> > >>
>> > >> Thanks.
>> > >>
>> > >> --
>> > >> Shaz
>>
>> I've added IMA testcases to LTP.
>
> I am interested in measuring SELinux policies, especially the loadable
> policy modules. I was not able to comprehend LTP scripts clearly.

I am confusing something but got the selinux policy and LPM measurements as I needed it. So my issues are solved but would appreciate help in my confusions regarding "i_version" and LTP. Thanks.

>
> /sys/kernel/security/ima/policy vanishes if I try to open it for
> writing into it! This was my comprehension of the LTP script
> load_policy.sh :(
>
> Please some help needed here to understand. Some indication to good
> literature will be appreciated. I am well read on conventional IMA
> (LSM based) and SELinux so what else should be read to understand how
> LIM based IMA works.
>
>>
>> Mimi
>
> Apologies for the messy email. Had to do this for record.
>
> --
> Shaz
>

--
Shaz
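
Added example (not part of the original thread, and not code from IMA or LTP): a small Python triage of the three checks raised in the replies above, run over captured text: is the boot_aggregate entry zero (TPM bypass), is securityfs mounted, and which mounts carry the i_version flag. Assumptions: the measurement line layout shown in the docstring, that the zero value sits in the file-digest field, and that the mount flag is listed as iversion or i_version; all sample data is constructed.

```python
# Added example: triage the IMA setup discussed above from captured text.
# All sample data is constructed; digests are placeholders, not real hashes.

def parse_measurements(text):
    """Parse ascii_runtime_measurements lines, assumed to have the form
    '<pcr> <template-hash> <template-name> <file-hash> <path>'."""
    entries = []
    for line in text.splitlines():
        fields = line.strip().split(None, 4)  # the path may contain spaces
        if len(fields) == 5:
            pcr, thash, template, fhash, path = fields
            entries.append((int(pcr), thash, template, fhash, path))
    return entries

def tpm_bypass(entries):
    """True when the first entry is boot_aggregate with an all-zero digest."""
    if not entries or entries[0][4] != "boot_aggregate":
        raise ValueError("measurement list does not start with boot_aggregate")
    return set(entries[0][3]) == {"0"}

def mount_report(proc_mounts):
    """Return (securityfs_mounted, mount points carrying the i_version flag)."""
    securityfs, versioned = False, []
    for line in proc_mounts.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        _dev, mount_point, fstype, opts = fields[:4]
        securityfs = securityfs or fstype == "securityfs"
        # Assumption: the flag is listed as 'iversion' or 'i_version'.
        if {"iversion", "i_version"} & set(opts.split(",")):
            versioned.append(mount_point)
    return securityfs, versioned

# Constructed samples standing in for the measurement list and /proc/mounts.
NO_TPM = (f"10 {'ab' * 20} ima {'0' * 40} boot_aggregate\n"
          f"10 {'cd' * 20} ima {'ef' * 20} /init\n")
WITH_TPM = f"10 {'12' * 20} ima {'34' * 20} boot_aggregate\n"
MOUNTS = ("securityfs /sys/kernel/security securityfs rw 0 0\n"
          "/dev/sda1 / ext4 rw,i_version 0 0\n"
          "/dev/sda2 /home ext3 rw 0 0\n")

if __name__ == "__main__":
    print("TPM bypass:", tpm_bypass(parse_measurements(NO_TPM)))
    print("securityfs mounted, i_version mounts:", mount_report(MOUNTS))
```

On a live system the two inputs would be the contents of /sys/kernel/security/ima/ascii_runtime_measurements and /proc/mounts.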