[LTP] [PATCH] ima: skip verifying TPM 2.0 PCR values
Mimi Zohar
zohar@linux.ibm.com
Fri Oct 25 15:22:15 CEST 2019
On Fri, 2019-10-25 at 07:52 -0500, Serge E. Hallyn wrote:
> On Fri, Oct 25, 2019 at 10:56:17AM +0200, Petr Vorel wrote:
> > Hi,
> >
> > > /sys/kernel/security/tpmX/major_version (on fedora and rhel at
> least, is it elsewhere on other distros?)
This patch doesn't define a securityfs file. It must be a soft link
to the actual file.
> > > versus
> >
> > > /sys/class/tpm/tpmX/major_version
This is a softlink to the TPM device (eg.
/sys/devices/xxxx/.../tpm/tpm0).
> >
> > Is it more HW related (/sys/class/tpm/tpmX) or LSM related
> > (/sys/kernel/security/tpmX)?
> > I guess /sys/kernel/security/tpmX might be better.
>
> This is purely about whether the phsyical TPM chip is 1.2 or 2.,
> right? /sys/class/tpm/tpmX is where I would expect to find that.
>
> > Thanks for implementing this, I'll try to test it soon.
>
> Yes, it's been a pain point, and someone (..., I) should have done this years
> ago - thanks!
+1
More information about the ltp
mailing list