From: Micka <mic...@gm...> - 2017-06-12 13:16:53
I found out why I don't have TPM folder in the security folder :

#if defined(CONFIG_TCG_IBMVTPM) || defined(CONFIG_TCG_IBMVTPM_MODULE) || \
	defined(CONFIG_ACPI)
extern struct dentry **tpm_bios_log_setup(const char *);
extern void tpm_bios_log_teardown(struct dentry **);
#else
static inline struct dentry **tpm_bios_log_setup(const char *name)
{
	return NULL;
}
static inline void tpm_bios_log_teardown(struct dentry **dir)
{
}
#endif

I wonder why other TPM can't use this feature ?

On Mon, 12 Jun 2017 at 09:36, Micka <mic...@gm...> wrote:

> I just compiled the tools, but I don't have this folder :
>
> /sys/kernel/security/tpm0
>
>
> I have the folder:
>
> /sys/class/tpm/tpm0/
>
> I'm working with the kernel 4.4 .
>
> I tried also :
>
> ./ima_boot_aggregate /sys/kernel/security/ima/binary_runtime_measurements
> 010 dc3bd4ee300406cd93181c5a2187b59b06000000
> Error event too longPCR-00: 0000000000000000000000000000000000000000
> PCR-01: 0000000000000000000000000000000000000000
> PCR-02: 0000000000000000000000000000000000000000
> PCR-03: 0000000000000000000000000000000000000000
> PCR-04: 0000000000000000000000000000000000000000
> PCR-05: 0000000000000000000000000000000000000000
> PCR-06: 0000000000000000000000000000000000000000
> PCR-07: 0000000000000000000000000000000000000000
> boot_aggregate:9797edf8d0eed36b1cf92547816051c8af4e45ee
>
>
> On Mon, 12 Jun 2017 at 08:06, Nayna <na...@li...> wrote:
>
>>
>>
>> On 06/10/2017 03:39 PM, Micka wrote:
>> > Thx, but my PCRS 0-7 are set to zero for the moment. I don't have yet a
>> > secure boot. Is it the secure boot that provide the PCRS 0-7?
>> >
>>
>> Trusted boot will provide PCRS 0-7.
>> Did you try to execute the ima-tests which I shared and verified ?
>>
>> Thanks & Regards,
>> - Nayna
>>
>> >
>> > Micka,
>> >
>> > On Fri, 9 Jun 2017 at 15:43, Nayna <na...@li...
>> > <mailto:na...@li...>> wrote:
>> >
>> >
>> >
>> >     On 06/08/2017 02:25 PM, Micka wrote:
>> >     > Hi,
>> >     >
>> >     > I would like to know what boot aggregate measure means ?
>> >
>> >     It is an aggregated hash of PCRS 0-7.
>> >
>> >     >
>> >     > I have a problem, my PCR 10 is changing every time I reboot my
>> >     device:
>> >     >
>> >     > 10 ddee6404dc3bd4ee300406cd93181c5a2187b59b ima-ng
>> >     > sha1:9797edf8d9eed36b1cf92547816a51c8af4e45ee boot_aggregate
>> >     >
>> >
>> >     You can verify your boot_aggregate by using the test scripts from
>> >     package ltp-ima-standalone-v2.tar.gz as available on:
>> >     https://sourceforge.net/projects/linux-ima/
>> >
>> >     Steps to use it are specified in below link:
>> >     http://linux-ima.sourceforge.net/linux-ima-measurements.html
>> >
>> >     Thanks & Regards,
>> >         - Nayna
>> >
>> >     > I have only activated: ima_audit=1
>> >     >
>> >     > Michael Musset,
>> >     >
>> >
>>
>>
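
The check discussed in this thread, as an added example that is not part of the original messages or of the ltp-ima tools: it recomputes boot_aggregate as the SHA-1 over PCR 0-7 and compares it with the digest recorded in a measurement-list entry. It assumes the SHA-1 PCR bank and the `PCR-NN:` output format quoted above; the function names and the sample inputs are constructed for illustration.

```python
import hashlib
import re

# Constructed input shaped like the tool output quoted in the thread,
# including the error text fused onto the PCR-00 line; PCR 0-7 are all
# zero because no trusted boot has extended them.
SAMPLE_PCRS = "Error event too long" + "\n".join(
    f"PCR-{i:02d}: {'00' * 20}" for i in range(8))
# Constructed ima-ng entry; the template hash ("ab" * 20) is a placeholder.
SAMPLE_ENTRY = ("10 " + "ab" * 20 + " ima-ng "
                "sha1:9797edf8d0eed36b1cf92547816051c8af4e45ee boot_aggregate")

# Unanchored on purpose, so a PCR line glued to other output still parses.
PCR_VALUE = re.compile(r"PCR-(\d{2}):\s*([0-9a-fA-F]{40})")


def parse_pcrs(text):
    """Return {index: 20-byte value} for each 'PCR-NN: <hex>' item."""
    return {int(m.group(1)): bytes.fromhex(m.group(2))
            for m in PCR_VALUE.finditer(text)}


def boot_aggregate(pcrs):
    """SHA-1 over the values of PCR 0..7, concatenated in index order."""
    missing = [i for i in range(8) if i not in pcrs]
    if missing:
        raise ValueError(f"missing PCR values: {missing}")
    return hashlib.sha1(b"".join(pcrs[i] for i in range(8))).hexdigest()


def logged_boot_aggregate(entry):
    """Pull the digest out of a boot_aggregate line of the ASCII list."""
    fields = entry.split()
    if len(fields) != 5 or fields[4] != "boot_aggregate":
        raise ValueError("not a boot_aggregate ima-ng entry")
    algo, _, digest = fields[3].partition(":")
    if algo != "sha1" or len(digest) != 40:
        raise ValueError("unexpected digest field: " + fields[3])
    return digest.lower()


def matches(pcr_text, entry):
    """True when the logged digest equals the one recomputed from the PCRs."""
    return boot_aggregate(parse_pcrs(pcr_text)) == logged_boot_aggregate(entry)


if __name__ == "__main__":
    print(boot_aggregate(parse_pcrs(SAMPLE_PCRS)), matches(SAMPLE_PCRS, SAMPLE_ENTRY))
```

A boot_aggregate that equals the all-zero result only shows that nothing extended PCR 0-7 before IMA started, not that the boot chain was measured.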