From: Nicolae P. <n.p...@gm...> - 2013-09-25 16:37:00
TCG_TPM is enabled:

cat /usr/src/kernels/2.6.32-358.118.1.openstack.el6.x86_64/.config | grep CONFIG_TCG_TPM
CONFIG_TCG_TPM=y

A possibly related issue I've noticed (after the system is restarted) is this:

service tcsd start
insmod: error inserting '/lib/modules/2.6.32-358.118.1.openstack.el6.x86_64/kernel/drivers/char/tpm/tpm_atmel.ko': -1 No such device
Starting tcsd: [ OK ]

However, this issue should not be related to my problem as it's explained here:
http://support.lenovo.com/en_US/detail.page?DocID=HT076606

tpm_selftest returns:
TPM Test Results: 00

thank you
/Nico

P.S. OK, apparently the tpm0 measurements were an RTFM issue -- after executing

mount -t securityfs security /sys/kernel/security

the directory /sys/kernel/security/tpm0 contains the measurements; however, the ima directory with measurements is still missing

On 25 September 2013 17:41, Mimi Zohar <zo...@li...> wrote:

> On Wed, 2013-09-25 at 17:10 +0200, Nicolae Paladi wrote:
> > On 25 September 2013 16:52, Mimi Zohar <zo...@li...> wrote:
> >
> > > On Wed, 2013-09-25 at 14:33 +0200, Nicolae Paladi wrote:
> > > > Hi,
> > > >
> > > > I'm using a CentOS 6.4 platform with the 2.6.32 kernel;
> > > >
> > > > I boot with the following arguments:
> > > >
> > > > ro root=/dev/mapper/myhost-root rd_NO_LUKS rd_LVM_LV=myhost/root
> > > > LANG=en_US.UTF-8 KEYBOARDTYPE=pc KEYTABLE=sv-latin1 rd_NO_MD SYSFONT=latarcyrheb-sun16
> > > > ima_tcb ima=on crashkernel=129M@0M rd_NO_DM rhgb quiet
> > > >
> > > > tpm_version shows the following:
> > > > TPM 1.2 Version Info:
> > > > Chip Version: 1.2.8.28
> > > > Spec Level: 2
> > > > Errata Revision: 3
> > > > TPM Vendor ID: STM
> > > > TPM Version: 01010000
> > > >
> > > >
> > > > However, there is no output in the /sys/kernel/security/ directory;
> > > > The BIOS settings are correct since there WAS an expected output when
> > > > I was running on an Ubuntu platform.
> > > >
> > > > Am I badly missing something here? Or is this a bug?
> > > >
> > > > Thank you,
> > > > /Nico
> > >
> > > Make sure the TPM is builtin, not as a module, and IMA,EVM are enabled.
> > >
> >
> > IMA is enabled, as far as I see:
> >
> > cat /usr/src/kernels/2.6.32-358.118.1.openstack.el6.x86_64/.config | grep CONFIG_IMA
> > CONFIG_IMA=y
> > CONFIG_IMA_MEASURE_PCR_IDX=10
> > CONFIG_IMA_AUDIT=y
> > CONFIG_IMA_LSM_RULES=y
> >
> > How can I see that the TPM is 'builtin'? The machine was shipped with the
> > TPM, it's a Dell rack server;
>
> Check that 'CONFIG_TCG_TPM=y' is enabled.
>
> Even without the TPM enabled, there should be a measurement list.
> 'ima_tcb' is the only boot command line parameter needed. (Try removing
> ima=on.)
>
> thanks,
>
> Mimi
>
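
The checks discussed in this thread (IMA and TPM kernel config, the ima_tcb boot parameter, securityfs being mounted, and whether the ima measurement list exists) collected into one triage script. This is an added example, not part of the original messages; the function names are hypothetical, and the live paths in the final comment are the usual locations, stated as assumptions.

```shell
#!/bin/sh
# Added example: triage for a missing IMA measurement list.
# Function names are hypothetical. File paths are passed in as arguments,
# so the checks work on copies of the files as well as on the live system.

# config_state FILE SYMBOL -> prints builtin | module | unset
config_state() {
    if grep -q "^$2=y\$" "$1"; then echo builtin
    elif grep -q "^$2=m\$" "$1"; then echo module
    else echo unset
    fi
}

# has_cmdline_flag FILE FLAG -> exit 0 if FLAG is a whole word on the command line
has_cmdline_flag() {
    tr ' ' '\n' < "$1" | grep -qx -- "$2"
}

# securityfs_mounted MOUNTS -> exit 0 if securityfs is on /sys/kernel/security
securityfs_mounted() {
    awk '$2 == "/sys/kernel/security" && $3 == "securityfs" { found = 1 }
         END { exit !found }' "$1"
}

# ima_triage CONFIG CMDLINE MOUNTS SECDIR -> prints one finding per line
ima_triage() {
    echo "CONFIG_IMA=$(config_state "$1" CONFIG_IMA)"
    echo "CONFIG_TCG_TPM=$(config_state "$1" CONFIG_TCG_TPM)"
    if has_cmdline_flag "$2" ima_tcb; then echo "ima_tcb=present"
    else echo "ima_tcb=missing"; fi
    if securityfs_mounted "$3"; then echo "securityfs=mounted"
    else echo "securityfs=not-mounted"; fi
    # The measurement list only becomes visible once securityfs is mounted.
    if [ -r "$4/ima/ascii_runtime_measurements" ]; then
        n=$(wc -l < "$4/ima/ascii_runtime_measurements" | tr -d ' ')
        echo "ima_list=$n entries"
    else
        echo "ima_list=absent"
    fi
}

# Live use (assumed usual locations; adjust the config path to your kernel):
# ima_triage "/boot/config-$(uname -r)" /proc/cmdline /proc/mounts /sys/kernel/security
```

A "securityfs=not-mounted" finding together with "ima_list=absent" points at the mount step from the P.S. before anything else; "CONFIG_TCG_TPM=module" corresponds to the builtin-versus-module question raised in the reply.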