mirror of
https://git.code.sf.net/p/linux-ima/ima-evm-utils
synced 2025-04-28 14:43:37 +02:00
ff26f9704e
Validating a TPM quote of PCR-10, the default IMA PCR, requires not only sending the quote to the verifier, but the IMA measurement list as well. The attestation server can verify the IMA measurement list simply by walking the measurement list and re-calculating the PCRs based on the template data digest. In addition, the attestation server could verify the template data digest based on the template data. The LTP and standalone "ima_measure" test optionally verify the template data digest. Similarly add "--verify" support to conditionally verify the template data digest against the template data. Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>