dh/ima-evm-utils-mirror
1
0
Fork 0
mirror of https://git.code.sf.net/p/linux-ima/ima-evm-utils synced 2025-10-31 05:00:41 +01:00
Code Releases Activity

ima-evm-utils: tests: verify the last "boot_aggregate" record

Browse Source 
For each kexec, an additional "boot_aggregate" will appear in the
measurement list, assuming the previous measurement list is carried
across kexec.

Verify that the last "boot_aggregate" record in the IMA measurement list
matches.  The "boot_aggregate" is either the last field (e.g. "ima-ng")
or the second to last field (e.g. "ima-sig") in the measurement list
record.

Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
This commit is contained in:
Mimi Zohar
2020-03-11 14:42:59 -04:00
parent c5732b6d95
commit 5404aa8397
1 changed files with 7 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
tests/boot_aggregate.test
View File

@@ -100,6 +100,12 @@ display_pcrs() {
} }
# The first entry in the IMA measuremnet list is the "boot_aggregate". # The first entry in the IMA measuremnet list is the "boot_aggregate".
# For each kexec, an additional "boot_aggregate" will appear in the
# measurement list, assuming the previous measurement list is carried
# across the kexec.
#
# Verify that the last "boot_aggregate" record in the IMA measurement
# list matches.
check() { check() {
echo "INFO: Calculating the boot_aggregate (PCRs 0 - 7) for multiple banks" echo "INFO: Calculating the boot_aggregate (PCRs 0 - 7) for multiple banks"
bootaggr=$(evmctl ima_boot_aggregate) bootaggr=$(evmctl ima_boot_aggregate)
@@ -115,7 +121,7 @@ check() {
if [ "$VERBOSE" != "0" ]; then if [ "$VERBOSE" != "0" ]; then
echo "$hash" echo "$hash"
fi fi
if grep -q "${hash}" "${ASCII_RUNTIME_MEASUREMENTS}"; then if grep -e "boot_aggregate$" -e "boot_aggregate.$" "${ASCII_RUNTIME_MEASUREMENTS}" | tail -n 1 | grep -q "${hash}"; then
echo "SUCCESS: boot_aggregate ${hash} found" echo "SUCCESS: boot_aggregate ${hash} found"
return "$OK" return "$OK"
fi fi