diff for duplicates of <1590679145.4457.39.camel@linux.ibm.com> diff --git a/a/1.txt b/N1/1.txt index bf7f339..0366e5a 100644 --- a/a/1.txt +++ b/N1/1.txt @@ -20,7 +20,7 @@ On Thu, 2020-05-28 at 16:07 +0200, Petr Vorel wrote: > > > > Tested only on VM. Can anybody test it on real HW? > -> > With just this change, the ima_tpm.sh test is failing. I assume it is +> > With just this change, the ima_tpm.sh test is failing. ?I assume it is > > failing because it is reading the SHA1 TPM bank, not the SHA256 bank > > to calculate the boot_aggregate hash. > First question: is it correct to take sha256? Because on my test below it's @@ -33,7 +33,7 @@ On Thu, 2020-05-28 at 16:07 +0200, Petr Vorel wrote: > What is needed to get your setup? This isn't a configuration problem, but an issue of reading PCRs and -calculating the TPM bank appropriate boot_aggregate. If you're +calculating the TPM bank appropriate boot_aggregate. ?If you're calculating a sha256 boot_aggregate, then the test needs to read and calculate the boot_aggregate by reading the SHA256 TPM bank. @@ -139,8 +139,8 @@ calculate the boot_aggregate by reading the SHA256 TPM bank. > IMA I incline to just require evmctl. Unlike TPM 1.2, the TPM 2.0 device driver doesn't export the TPM PCRs. - Not only would you have a dependency on ima-evm-utils, but also on a -userspace application(s) for reading the TPM PCRs. That dependency +?Not only would you have a dependency on ima-evm-utils, but also on a +userspace application(s) for reading the TPM PCRs. ?That dependency exists whether you're using evmctl to calculate the boot_aggregate or doing it yourself. @@ -178,8 +178,8 @@ doing it yourself. [Cc'ing Vitaly] The boot_aggregate.trs and boot_aggregate.log files are being created -in the tests/ directory. Is that directory read-only? - +in the tests/ directory. ?Is that directory read-only? +? > > > Both need some review and testing before being released. > Any estimation when code is released? diff --git a/a/content_digest b/N1/content_digest index 828cfa2..064184e 100644 --- a/a/content_digest +++ b/N1/content_digest @@ -2,15 +2,9 @@ "ref\01590601280.16219.1.camel@linux.ibm.com\0" "ref\020200528140747.GA8401@dell5510\0" "From\0Mimi Zohar <zohar@linux.ibm.com>\0" - "Subject\0Re: [LTP v2 1/1] ima_tpm.sh: Fix for calculating boot aggregate\0" + "Subject\0[LTP] [LTP v2 1/1] ima_tpm.sh: Fix for calculating boot aggregate\0" "Date\0Thu, 28 May 2020 11:19:05 -0400\0" - "To\0Petr Vorel <pvorel@suse.cz>\0" - "Cc\0ltp@lists.linux.it" - Mimi Zohar <zohar@linux.vnet.ibm.com> - Petr Cervinka <pcervinka@suse.com> - Cyril Hrubis <chrubis@suse.cz> - linux-integrity@vger.kernel.org - " Vitaly Chikunov <vt@altlinux.org>\0" + "To\0ltp@lists.linux.it\0" "\00:1\0" "b\0" "On Thu, 2020-05-28 at 16:07 +0200, Petr Vorel wrote:\n" @@ -35,7 +29,7 @@ "> \n" "> > > Tested only on VM. Can anybody test it on real HW?\n" "> \n" - "> > With just this change, the ima_tpm.sh test is failing. \302\240I assume it is\n" + "> > With just this change, the ima_tpm.sh test is failing. ?I assume it is\n" "> > failing because it is reading the SHA1 TPM bank, not the SHA256 bank\n" "> > to calculate the boot_aggregate hash.\n" "> First question: is it correct to take sha256? Because on my test below it's\n" @@ -48,7 +42,7 @@ "> What is needed to get your setup?\n" "\n" "This isn't a configuration problem, but an issue of reading PCRs and\n" - "calculating the TPM bank appropriate boot_aggregate. \302\240If you're\n" + "calculating the TPM bank appropriate boot_aggregate. ?If you're\n" "calculating a sha256 boot_aggregate, then the test needs to read and\n" "calculate the boot_aggregate by reading the SHA256 TPM bank.\n" "\n" @@ -154,8 +148,8 @@ "> IMA I incline to just require evmctl.\n" "\n" "Unlike TPM 1.2, the TPM 2.0 device driver doesn't export the TPM PCRs.\n" - "\302\240Not only would you have a dependency on ima-evm-utils, but also on a\n" - "userspace application(s) for reading the TPM PCRs. \302\240That dependency\n" + "?Not only would you have a dependency on ima-evm-utils, but also on a\n" + "userspace application(s) for reading the TPM PCRs. ?That dependency\n" "exists whether you're using evmctl to calculate the boot_aggregate or\n" "doing it yourself.\n" "\n" @@ -193,8 +187,8 @@ "[Cc'ing Vitaly]\n" "\n" "The boot_aggregate.trs and boot_aggregate.log files are being created\n" - "in the tests/ directory. \302\240Is that directory read-only?\n" - "\302\240\n" + "in the tests/ directory. ?Is that directory read-only?\n" + "?\n" "> \n" "> > Both need some review and testing before being released.\n" "> Any estimation when code is released?\n" @@ -204,4 +198,4 @@ "\n" Mimi -927e1c2c061d70eb1da22f49ab1fa6d5b5d388abdf0eca3e1604cf9da085021f +49de388e14bd9380edb1390c7309bd8d53a69014b4b91a0258623fa0ceb3c1a4
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.