Re: [Linux-ima-user] An IMA newbie question

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Hi Mimi,

I used your latest test code and added ima_tcb and ima=on to the kernel
cmds.  I still got the the same error. Any suggestions? - Thanks.

-bash-4.1# ./ima_measure /sys/kernel/security/tpm0/binary_bios_measurements
--verbose
### PCR HASH                                  TEMPLATE-NAME
  0 000  08 00 00 00 29 8D F1 25 B2 60 EF 64 20 1B DF 08 15 C0 03
87248900926 ERROR: event name too long!

-bash-4.1# cat /proc/cmdline
initrd=initramfs-2.6.32-131.6.1.el6.cs.x86_64.img mem=8G root=xyz rw ima_tcb
ima=on BOOT_IMAGE=vmlinuz-2.6.32-131.6.1.el6.cs.x86_64

Regards,

David

On Thu, Aug 4, 2011 at 3:38 PM, Mimi Zohar <zo...@li...> wrote:

> On Thu, 2011-08-04 at 10:55 -0700, David Li wrote:
> > Hi Mimi,
> >
> >
> > My HS22 is running RHEL6:
> >
> >
> > -bash-4.1# uname -r
> > 2.6.32-131.6.1.el6.cs.x86_64
> >
> >
> > The machine is PXEBooted:
> >
> >
> > -bash-4.1# cat /proc/cmdline
> > initrd=initramfs-2.6.32-131.6.1.el6.cs.x86_64.img mem=8G root=<xyz> rw
> > BOOT_IMAGE=vmlinuz-2.6.32-131.6.1.el6.cs.x86_64
>
> IMA is enabled in RHEL6 by default, but to collect measurements requires
> replacing the null policy with the TCB one, by specifying the 'ima_tcb'
> boot command line parameter. In addition, you might need to specify the
> 'ima=on' parameter as well.
>
> Instead of downloading the individual IMA test programs and the LTP
> 'glue' (eg. include files, definitions and stub functions) separately,
> the new ltp-ima-standalone tar file includes the IMA tests.
> (
> http://downloads.sf.net/project/linux-ima/linux-ima/ltp-ima-standalone.tar.gz
> )
> (The IMA LTP test programs require the openssl and openssl-devel
> packages.)
>
> thanks,
>
> Mimi
>
>
>