From: Petr Vorel <pvorel@suse.cz> To: Mimi Zohar <zohar@linux.ibm.com> Cc: ltp@lists.linux.it, Lakshmi Ramasubramanian <nramas@linux.microsoft.com>, Mimi Zohar <zohar@linux.vnet.ibm.com>, Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>, linux-integrity@vger.kernel.org Subject: Re: [PATCH v3 2/4] IMA: Rewrite ima_boot_aggregate.c to new API Date: Wed, 30 Sep 2020 08:53:48 +0200 [thread overview] Message-ID: <20200930065348.GB21664@dell5510> (raw) In-Reply-To: <4c0ec7617f2686ffdd4565a05beddd34ebf0b6aa.camel@linux.ibm.com> Hi Mimi, > <snip> > > diff --git a/testcases/kernel/security/integrity/ima/tests/ima_tpm.sh b/testcases/kernel/security/integrity/ima/tests/ima_tpm.sh > > index c69f891f1..dc958eb5c 100755 > > --- a/testcases/kernel/security/integrity/ima/tests/ima_tpm.sh > > +++ b/testcases/kernel/security/integrity/ima/tests/ima_tpm.sh > > @@ -33,7 +33,7 @@ test1() > > tst_res TFAIL "bios boot aggregate is not 0" > > fi > > else > > - boot_aggregate=$(ima_boot_aggregate $tpm_bios | grep "boot_aggregate:" | cut -d':' -f2) > > + boot_aggregate=$(ima_boot_aggregate -f $tpm_bios | grep "sha1:" | cut -d':' -f2) > > if [ "$boot_hash" = "$boot_aggregate" ]; then > > tst_res TPASS "bios aggregate matches IMA boot aggregate" > > else > The original "ima" template is just the hash digest, without the > algorithm. Yes, but this code is output of ima_boot_aggregate.c. And code detecting old format is still working (verified on ima_measurements.sh with ima_tcb kernel parameter on 3.10). Kind regards, Petr
WARNING: multiple messages have this Message-ID (diff)
From: Petr Vorel <pvorel@suse.cz> To: ltp@lists.linux.it Subject: [LTP] [PATCH v3 2/4] IMA: Rewrite ima_boot_aggregate.c to new API Date: Wed, 30 Sep 2020 08:53:48 +0200 [thread overview] Message-ID: <20200930065348.GB21664@dell5510> (raw) In-Reply-To: <4c0ec7617f2686ffdd4565a05beddd34ebf0b6aa.camel@linux.ibm.com> Hi Mimi, > <snip> > > diff --git a/testcases/kernel/security/integrity/ima/tests/ima_tpm.sh b/testcases/kernel/security/integrity/ima/tests/ima_tpm.sh > > index c69f891f1..dc958eb5c 100755 > > --- a/testcases/kernel/security/integrity/ima/tests/ima_tpm.sh > > +++ b/testcases/kernel/security/integrity/ima/tests/ima_tpm.sh > > @@ -33,7 +33,7 @@ test1() > > tst_res TFAIL "bios boot aggregate is not 0" > > fi > > else > > - boot_aggregate=$(ima_boot_aggregate $tpm_bios | grep "boot_aggregate:" | cut -d':' -f2) > > + boot_aggregate=$(ima_boot_aggregate -f $tpm_bios | grep "sha1:" | cut -d':' -f2) > > if [ "$boot_hash" = "$boot_aggregate" ]; then > > tst_res TPASS "bios aggregate matches IMA boot aggregate" > > else > The original "ima" template is just the hash digest, without the > algorithm. Yes, but this code is output of ima_boot_aggregate.c. And code detecting old format is still working (verified on ima_measurements.sh with ima_tcb kernel parameter on 3.10). Kind regards, Petr
next prev parent reply other threads:[~2020-09-30 6:53 UTC|newest] Thread overview: 34+ messages / expand[flat|nested] mbox.gz Atom feed top 2020-09-29 16:50 [PATCH v3 0/4] TPM 2.0 fixes in IMA tests Petr Vorel 2020-09-29 16:50 ` [LTP] " Petr Vorel 2020-09-29 16:50 ` [PATCH v3 1/4] IMA: Move get_algorithm_digest(), set_digest_index() to ima_setup.sh Petr Vorel 2020-09-29 16:50 ` [LTP] " Petr Vorel 2020-09-29 16:50 ` [PATCH v3 2/4] IMA: Rewrite ima_boot_aggregate.c to new API Petr Vorel 2020-09-29 16:50 ` [LTP] " Petr Vorel 2020-09-29 21:39 ` Mimi Zohar 2020-09-29 21:39 ` [LTP] " Mimi Zohar 2020-09-30 6:53 ` Petr Vorel [this message] 2020-09-30 6:53 ` Petr Vorel 2020-09-29 16:50 ` [PATCH v3 3/4] ima_tpm.sh: Fix calculating boot aggregate Petr Vorel 2020-09-29 16:50 ` [LTP] " Petr Vorel 2020-09-29 20:46 ` Mimi Zohar 2020-09-29 20:46 ` [LTP] " Mimi Zohar 2020-09-29 16:50 ` [PATCH v3 4/4] ima_tpm.sh: Fix calculating PCR aggregate Petr Vorel 2020-09-29 16:50 ` [LTP] " Petr Vorel 2020-09-29 19:01 ` Mimi Zohar 2020-09-29 19:01 ` [LTP] " Mimi Zohar 2020-09-29 16:53 ` [LTP] [PATCH v3 0/4] TPM 2.0 fixes in IMA tests Petr Vorel 2020-09-29 21:56 ` Mimi Zohar 2020-09-29 23:11 ` Jarkko Sakkinen 2020-09-29 23:11 ` [LTP] " Jarkko Sakkinen 2020-09-30 5:53 ` Petr Vorel 2020-09-30 5:53 ` [LTP] " Petr Vorel 2020-09-30 11:59 ` Jarkko Sakkinen 2020-09-30 11:59 ` [LTP] " Jarkko Sakkinen 2020-10-01 12:01 ` Petr Vorel 2020-10-01 12:01 ` [LTP] " Petr Vorel 2020-10-01 18:31 ` Jarkko Sakkinen 2020-10-01 18:31 ` [LTP] " Jarkko Sakkinen 2020-10-06 10:01 ` Petr Vorel 2020-10-06 15:53 ` Jarkko Sakkinen 2020-10-06 15:55 ` Jarkko Sakkinen 2020-10-06 17:37 ` Ken Goldman
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20200930065348.GB21664@dell5510 \ --to=pvorel@suse.cz \ --cc=jarkko.sakkinen@linux.intel.com \ --cc=linux-integrity@vger.kernel.org \ --cc=ltp@lists.linux.it \ --cc=nramas@linux.microsoft.com \ --cc=zohar@linux.ibm.com \ --cc=zohar@linux.vnet.ibm.com \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.