[LTP] [PATCH] ima: skip verifying TPM 2.0 PCR values
Serge E. Hallyn
serge@hallyn.com
Fri Oct 25 14:52:02 CEST 2019
On Fri, Oct 25, 2019 at 10:56:17AM +0200, Petr Vorel wrote:
> Hi,
>
> > /sys/kernel/security/tpmX/major_version (on fedora and rhel at least, is it elsewhere on other distros?)
>
> > versus
>
> > /sys/class/tpm/tpmX/major_version
>
> Is it more HW related (/sys/class/tpm/tpmX) or LSM related
> (/sys/kernel/security/tpmX)?
> I guess /sys/kernel/security/tpmX might be better.
This is purely about whether the phsyical TPM chip is 1.2 or 2.,
right? /sys/class/tpm/tpmX is where I would expect to find that.
> Thanks for implementing this, I'll try to test it soon.
Yes, it's been a pain point, and someone (..., I) should have done this years
ago - thanks!
More information about the ltp
mailing list