[LTP] [PATCH] ima: skip verifying TPM 2.0 PCR values

Petr Vorel pvorel@suse.cz
Fri May 17 08:51:16 CEST 2019


Hi Mimi,

> TPM 1.2 exported the PCRs.  Reading the TPM 2.0 PCRs requires a
> userspace application.  For now, skip this test.

> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Acked-by: Petr Vorel <pvorel@suse.cz>
> ---
>  testcases/kernel/security/integrity/ima/tests/ima_tpm.sh | 8 ++++++++
>  1 file changed, 8 insertions(+)

> diff --git a/testcases/kernel/security/integrity/ima/tests/ima_tpm.sh b/testcases/kernel/security/integrity/ima/tests/ima_tpm.sh
> index 0ffc3c02247d..ebe4b4c360e4 100755
> --- a/testcases/kernel/security/integrity/ima/tests/ima_tpm.sh
> +++ b/testcases/kernel/security/integrity/ima/tests/ima_tpm.sh
> @@ -88,6 +88,14 @@ test2()
>  	tst_res TINFO "verify PCR values"
>  	tst_check_cmds evmctl

> +	local tpm_description="/sys/class/tpm/tpm0/device/description"
> +	if [ -f "$tpm_description" ]; then
> +		if grep -q "^\TPM 2.0" $tpm_description; then
I guess the backslash in "^\TPM 2.0" is a typo.
If yes, no need to repost, I'll fix it when applying your patch.
+ I'd prefer join 2 ifs into single one, but that's just matter of preference,
not important.

> +			tst_res TCONF "TPM 2.0 enabled, but not supported"
> +			return 0
> +		fi
> +	fi
> +
>  	tst_res TINFO "evmctl version: $(evmctl --version)"

>  	local pcrs_path="/sys/class/tpm/tpm0/device/pcrs"

Thanks for your fix.

Kind regards,
Petr


More information about the ltp mailing list