ima-evm-utils: tests: verify boot_aggregate

Calculate the boot_aggregate for each TPM bank and verify that the boot_aggregate in the IMA measurement list matches one of them. A software TPM may be used to verify the boot_aggregate. If a software TPM is not already running on the system, this test starts one and initializes the TPM PCR banks by walking the sample binary_bios_measurements event log, included in this directory, and extending the TPM PCRs. The associated ascii_runtime_measurements for verifying the calculated boot_aggregate is included in this directory as well. Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
2025-07-02 21:53:17 +02:00 · 2020-03-10 18:44:36 -04:00
parent 917317a8ea
commit c5732b6d95
7 changed files with 179 additions and 1 deletions
--- a/tests/sample-tpm-2.0-pcrs-8-9
+++ b/tests/sample-tpm-2.0-pcrs-8-9
@ -0,0 +1,25 @@
+pcrread: tsspcrread -halg sha1
+0: 92c1850372e9493929aa9a2e9ea953e21ff1be45
+1: 41c54039ca2750ea60d8ab7c48b142b10aba5667
+2: b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236
+3: b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236
+4: 4c1a19aad90f770956ff5ee00334a2d548b1a350
+5: a1444a8a9904666165730168b3ae489447d3cef7
+6: b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236
+7: 5c6327a67ff36f138e0b7bb1d2eafbf8a6e52ebf
+8: fed489d2e5f9f85136e5ff53553d5f8b978dbe1a
+9: a2fa191f2622bb014702013bfebfca9fe210d9e5
+10: 3134641a3e8a1f5f75fa850bb21c3104d6ab863b
+11: 0000000000000000000000000000000000000000
+12: 0000000000000000000000000000000000000000
+13: 0000000000000000000000000000000000000000
+14: 71161a5707051fa7d6f584d812240b2e80f61942
+15: 0000000000000000000000000000000000000000
+16: 0000000000000000000000000000000000000000
+17: ffffffffffffffffffffffffffffffffffffffff
+18: ffffffffffffffffffffffffffffffffffffffff
+19: ffffffffffffffffffffffffffffffffffffffff
+20: ffffffffffffffffffffffffffffffffffffffff
+21: ffffffffffffffffffffffffffffffffffffffff
+22: ffffffffffffffffffffffffffffffffffffffff
+23: 0000000000000000000000000000000000000000