From: Mimi Z. <zo...@li...> - 2017-03-10 11:24:33
On Mon, 2017-03-06 at 11:43 +0000, Micka wrote:
> Hi,
>
> I would like to know what ima-ng template measure ?
>
> Why I have only PCR-10 working in my TPM ? How can I have other PCRs ? I
> heard that you can measure bin file, lib file ? how does it work ? Where is
> the list of those files that the IMA will measure ?

IMA measures, appraises the integrity, and audits files based on policy. The builtin policy "ima_policy=tcb", which measures files, and the "ima_appraise_tcb", which appraises the integrity of files, can be defined on the boot command line. These builtin policies can be replaced with a custom policy. Refer to Documentation/ABI/testing/ima_policy on how to define a custom policy.

IMA has traditionally extended only TPM PCR 10. In some situations, you might want to extend other PCRs. Missing from the documentation is the rule option "pcr=", which allows specifying different pcrs.

Mimi
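
An added example, not part of the original message or of the IMA sources: a verifier-side sketch that checks each ima-ng entry's template hash and replays the measurement list per PCR, so entries produced by a rule carrying "pcr=11" accumulate separately from the default PCR 10. It assumes the ascii_runtime_measurements line layout, a SHA-1 PCR bank starting at zero, and constructed sample entries; the function names are hypothetical.

```python
import hashlib
import struct

def template_hash(algo, digest_hex, path):
    """SHA-1 over the ima-ng template data; each field is length-prefixed (LE32)."""
    d_ng = algo.encode() + b":\0" + bytes.fromhex(digest_hex)  # file digest field
    n_ng = path.encode() + b"\0"                               # file name field
    data = b"".join(struct.pack("<I", len(f)) + f for f in (d_ng, n_ng))
    return hashlib.sha1(data).hexdigest()

def replay(lines):
    """Return ({pcr: expected hex value}, [paths whose template hash mismatches])."""
    pcrs, bad = {}, []
    for line in lines:
        # Layout: <pcr> <template-hash> <template-name> <algo:file-hash> <path>
        pcr, t_hash, name, filedata, path = line.split(maxsplit=4)
        if name != "ima-ng":
            raise ValueError("only ima-ng is handled here: " + name)
        algo, digest_hex = filedata.split(":", 1)
        violation = set(t_hash) == {"0"}
        if not violation and template_hash(algo, digest_hex, path) != t_hash:
            bad.append(path)
        # A violation is logged as zeros, but the TPM is extended with 0xff bytes.
        extend = b"\xff" * 20 if violation else bytes.fromhex(t_hash)
        old = pcrs.get(int(pcr), b"\0" * 20)
        pcrs[int(pcr)] = hashlib.sha1(old + extend).digest()
    return {k: v.hex() for k, v in pcrs.items()}, bad

def make_entry(pcr, path, content):
    """Build one constructed log line (sample data, not from a real system)."""
    digest = hashlib.sha256(content).hexdigest()
    return f"{pcr} {template_hash('sha256', digest, path)} ima-ng sha256:{digest} {path}"

SAMPLE = [
    make_entry(10, "/usr/bin/bash", b"constructed bash"),
    make_entry(11, "/opt/app/tool", b"constructed tool"),  # matched a rule with pcr=11
    make_entry(10, "/usr/lib/libc.so.6", b"constructed libc"),
]

if __name__ == "__main__":
    values, mismatches = replay(SAMPLE)
    for pcr, value in sorted(values.items()):
        print(f"PCR {pcr} (SHA-1 bank): {value}")
    print("template hash mismatches:", mismatches)
```

The replayed values are what a verifier would compare against the PCRs reported in a TPM quote; a difference means the list and the TPM disagree.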