[LTP] [LTP v4 4/5] IMA: Add a test to verify measurement of certificate imported into a keyring
Petr Vorel
pvorel@suse.cz
Fri Aug 28 08:05:54 CEST 2020
Hi Mimi,
> Thanks, Petr. This works properly. To remove the "hack", would
> require running the test from "ima", not "ima/tests", but that would
> require fixing how ima_setup.sh is called. It also would still
> require setting TST_DATAROOT to TST_DATAROOT/$TST_ID.
Let's keep it and suppose people run tests from ima/tests.
This needs to be fixed on LTP side, I have it on my TODO list.
Anything else?
After that I'll work on ima_tpm.sh and after on policy automatic loading.
BTW there are also plans for reboot support [1] [2], that could be used as
workaround for configuration without CONFIG_IMA_READ_POLICY=y and
CONFIG_IMA_WRITE_POLICY=y.
[1] http://lists.linux.it/pipermail/ltp/2020-August/018636.html
[2] http://lists.linux.it/pipermail/ltp/2020-August/018658.html
> Mimi
Kind regards,
Petr
More information about the ltp
mailing list