dh/ima-evm-utils-mirror
1
0
Fork 0
mirror of https://git.code.sf.net/p/linux-ima/ima-evm-utils synced 2025-07-01 21:31:14 +02:00
Code Releases Activity

Fix reading the TPM 2.0 PCRs

Browse Source 
Prior to the support for reading the TPM 2.0 PCRs via the sysfs
interface, based on environment variables the userspace application read
either the physical or software TPM's PCRs.

With the support for reading the exported TPM 2.0 PCRs via the sysfs
interface, the physical TPM's PCRs are always read.  Define a new evmctl
option named '--hwtpm' to limit reading the TPM 2.0 PCRs via the sysfs
interface.

Fixes: a141bd5942 ("add support for reading per bank TPM 2.0 PCRs via sysfs")
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
This commit is contained in:
Mimi Zohar
2023-01-27 07:22:48 -05:00
parent 0290acff79
commit 8f6ba073a0
2 changed files with 12 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
tests/boot_aggregate.test
View File

@ -126,8 +126,10 @@ display_pcrs() {
# Verify that the last "boot_aggregate" record in the IMA measurement
# list matches.
check() {
local options=$1
echo "INFO: Calculating the boot_aggregate (PCRs 0 - 9) for multiple banks"
bootaggr=$(evmctl ima_boot_aggregate)
bootaggr=$(evmctl ima_boot_aggregate ${options})
if [ $? -ne 0 ]; then
echo "${CYAN}SKIP: evmctl ima_boot_aggregate: $bootaggr${NORM}"
exit "$SKIP"
@ -151,6 +153,7 @@ check() {
}
if [ "$(id -u)" = 0 ] && [ -c "/dev/tpm0" ]; then
BOOTAGGR_OPTIONS="--hwtpm"
ASCII_RUNTIME_MEASUREMENTS="/sys/kernel/security/ima/ascii_runtime_measurements"
if [ ! -d "/sys/kernel/security/ima" ]; then
echo "${CYAN}SKIP: CONFIG_IMA not enabled${NORM}"
@ -194,4 +197,4 @@ if [ "$(id -u)" != 0 ] || [ ! -c "/dev/tpm0" ]; then
fi
fi
expect_pass check
expect_pass check $BOOTAGGR_OPTIONS