[LTP] [PATCH v3 2/4] IMA: Rewrite ima_boot_aggregate.c to new API
Petr Vorel
pvorel@suse.cz
Wed Sep 30 08:53:48 CEST 2020
Hi Mimi,
> <snip>
> > diff --git a/testcases/kernel/security/integrity/ima/tests/ima_tpm.sh b/testcases/kernel/security/integrity/ima/tests/ima_tpm.sh
> > index c69f891f1..dc958eb5c 100755
> > --- a/testcases/kernel/security/integrity/ima/tests/ima_tpm.sh
> > +++ b/testcases/kernel/security/integrity/ima/tests/ima_tpm.sh
> > @@ -33,7 +33,7 @@ test1()
> > tst_res TFAIL "bios boot aggregate is not 0"
> > fi
> > else
> > - boot_aggregate=$(ima_boot_aggregate $tpm_bios | grep "boot_aggregate:" | cut -d':' -f2)
> > + boot_aggregate=$(ima_boot_aggregate -f $tpm_bios | grep "sha1:" | cut -d':' -f2)
> > if [ "$boot_hash" = "$boot_aggregate" ]; then
> > tst_res TPASS "bios aggregate matches IMA boot aggregate"
> > else
> The original "ima" template is just the hash digest, without the
> algorithm.
Yes, but this code is output of ima_boot_aggregate.c. And code detecting old
format is still working (verified on ima_measurements.sh with ima_tcb kernel
parameter on 3.10).
Kind regards,
Petr
More information about the ltp
mailing list