Menu
▾
▴
Re: [Linux-ima-user] Why ascii_runtime_measurements only has one entry
|
From: Mimi Z. <zo...@li...> - 2017-09-11 22:06:52
|
On Mon, 2017-09-11 at 16:02 +0800, shijun zhao wrote: > Hi everyone, > > I want to use IMA to measure my system, but I find that the > ascii_runtime_measurements only has one entry. > I'm using Ubuntu 16.04, Linux kernel is 4.4.62, and I don't have hardware > TPM chip. > > The entry in ascii_runtime_measurements is as follows: > 10 719de8e521439498e9b77f6ed41e230b9821111e ima > 0000000000000000000000000000000000000000 boot_aggregate The TPM is needed for quoting the PCRs. Without a TPM, IMA goes into bypass mode. Try specifying "ima_policy=tcb" on the boot command line. Mimi |
