[LTP] [PATCH v3 2/4] IMA: Rewrite ima_boot_aggregate.c to new API

Mimi Zohar zohar@linux.ibm.com
Tue Sep 29 23:39:06 CEST 2020


On Tue, 2020-09-29 at 18:50 +0200, Petr Vorel wrote:
> The main reason was to see TCONF messages, which are printed into stderr
> in new API (but to stdout in legacy API) and thus visible as the output
> is redirected into the variable.
> 
> Changing boot_aggregate: to sha1: to be compatible with evmctl
> ima_boot_aggregate.
> 
> Signed-off-by: Petr Vorel <pvorel@suse.cz>
> ---

<snip>

> diff --git a/testcases/kernel/security/integrity/ima/tests/ima_tpm.sh b/testcases/kernel/security/integrity/ima/tests/ima_tpm.sh
> index c69f891f1..dc958eb5c 100755
> --- a/testcases/kernel/security/integrity/ima/tests/ima_tpm.sh
> +++ b/testcases/kernel/security/integrity/ima/tests/ima_tpm.sh
> @@ -33,7 +33,7 @@ test1()
>  			tst_res TFAIL "bios boot aggregate is not 0"
>  		fi
>  	else
> -		boot_aggregate=$(ima_boot_aggregate $tpm_bios | grep "boot_aggregate:" | cut -d':' -f2)
> +		boot_aggregate=$(ima_boot_aggregate -f $tpm_bios | grep "sha1:" | cut -d':' -f2)
>  		if [ "$boot_hash" = "$boot_aggregate" ]; then
>  			tst_res TPASS "bios aggregate matches IMA boot aggregate"
>  		else
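Review bot: In the `else` branch, the `grep "sha1:" | cut -d':' -f2` pipeline discards the exit status of `ima_boot_aggregate`, so when the helper prints no `sha1:` line on stdout (the commit message notes that TCONF now goes to stderr) `boot_aggregate` is empty and the script still goes on to compare it with `$boot_hash`. Consider testing for an empty `$boot_aggregate` before the comparison and reporting that case on its own rather than letting it fall through to the mismatch branch. Two smaller points on the same line: `$tpm_bios` should be quoted, and the unanchored `grep "sha1:"` accepts any line that merely contains that string, so `grep "^sha1:"` would be tighter if the label starts the line.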

The original "ima" template is just the hash digest, without the
algorithm.

Mimi


