diff for duplicates of <1592252491.11061.181.camel@linux.ibm.com> diff --git a/a/1.txt b/N1/1.txt index b17e87b..827455a 100644 --- a/a/1.txt +++ b/N1/1.txt @@ -2,7 +2,7 @@ On Mon, 2020-06-15 at 16:41 -0300, Bruno Meneguele wrote: > On Thu, May 28, 2020 at 06:05:27PM +0200, Petr Vorel wrote: > > Hi Mimi, > > ... -> > > > > With just this change, the ima_tpm.sh test is failing. I assume it is +> > > > > With just this change, the ima_tpm.sh test is failing. ?I assume it is > > > > > failing because it is reading the SHA1 TPM bank, not the SHA256 bank > > > > > to calculate the boot_aggregate hash. > > > > First question: is it correct to take sha256? Because on my test below it's @@ -15,7 +15,7 @@ On Mon, 2020-06-15 at 16:41 -0300, Bruno Meneguele wrote: > > > > What is needed to get your setup? > > > > > This isn't a configuration problem, but an issue of reading PCRs and -> > > calculating the TPM bank appropriate boot_aggregate. If you're +> > > calculating the TPM bank appropriate boot_aggregate. ?If you're > > > calculating a sha256 boot_aggregate, then the test needs to read and > > > calculate the boot_aggregate by reading the SHA256 TPM bank. > > OK, I tested it on TPM 1.2 (no TPM 2.0 available atm). @@ -40,7 +40,7 @@ On Mon, 2020-06-15 at 16:41 -0300, Bruno Meneguele wrote: As long as we're dealing with the "boot_aggregate", Maurizio just posted a kernel patch for including PCR 8 & 9 in the boot_aggregate. - The existing IMA LTP "boot_aggregate" test is going to need to +?The existing IMA LTP "boot_aggregate" test is going to need to support this change. I'd appreciate if someone could send me a TPM event log, the PCRs, and 
@@ -57,8 +57,8 @@ system with a discrete TPM 2.0 with PCRs 8 & 9 events. > > > > IMA I incline to just require evmctl. > > > > > Unlike TPM 1.2, the TPM 2.0 device driver doesn't export the TPM PCRs. -> > > Not only would you have a dependency on ima-evm-utils, but also on a -> > > userspace application(s) for reading the TPM PCRs. That dependency +> > > ?Not only would you have a dependency on ima-evm-utils, but also on a +> > > userspace application(s) for reading the TPM PCRs. ?That dependency > > > exists whether you're using evmctl to calculate the boot_aggregate or > > > doing it yourself. > > Hm, things get complicated. @@ -76,13 +76,13 @@ system with a discrete TPM 2.0 with PCRs 8 & 9 events. > TCG spec version being implemented by the hw TPM, in a sysfs standard > output. -That was only upstreamed in linux-v5.6. Has it been backported? +That was only upstreamed in linux-v5.6. ?Has it been backported? The PCRs are not exported for TPM 2.0, unfortunately, making -regression tests dependent on a userspace app. The existing LTP +regression tests dependent on a userspace app. ?The existing LTP ima_tpm.sh test looks for the PCRs in either /sys/class/tpm/tpm0/device/pcrs or /sys/class/misc/tpm0/device/pcrs. - Perhaps piggyback on the pseudo PCR file to test for TPM 1.2. +?Perhaps piggyback on the pseudo PCR file to test for TPM 1.2. > > > ... @@ -110,13 +110,13 @@ ima_tpm.sh test looks for the PCRs in either > > > [Cc'ing Vitaly] > > > > > The boot_aggregate.trs and boot_aggregate.log files are being created -> > > in the tests/ directory. Is that directory read-only? +> > > in the tests/ directory. ?Is that directory read-only? > > Yes, drwxr-xr-x. Testing on fresh clone and issue persists. > > > > Yes, same thing here.. but didn't really check the reason for that. Will > take a time later to see what's happening. -Thanks, much appreciated. I'm not seeing that here. +Thanks, much appreciated. ?I'm not seeing that here. Mimi 
diff --git a/a/content_digest b/N1/content_digest index cd6936c..430f45b 100644 --- a/a/content_digest +++ b/N1/content_digest @@ -5,24 +5,16 @@ "ref\020200528160527.GA27243@dell5510\0" "ref\020200615194134.GF129694@glitch\0" "From\0Mimi Zohar <zohar@linux.ibm.com>\0" - "Subject\0Re: [LTP v2 1/1] ima_tpm.sh: Fix for calculating boot aggregate\0" + "Subject\0[LTP] [LTP v2 1/1] ima_tpm.sh: Fix for calculating boot aggregate\0" "Date\0Mon, 15 Jun 2020 16:21:31 -0400\0" - "To\0Bruno Meneguele <bmeneg@redhat.com>" - " Petr Vorel <pvorel@suse.cz>\0" - "Cc\0ltp@lists.linux.it" - Mimi Zohar <zohar@linux.vnet.ibm.com> - Petr Cervinka <pcervinka@suse.com> - Cyril Hrubis <chrubis@suse.cz> - linux-integrity@vger.kernel.org - Vitaly Chikunov <vt@altlinux.org> - " Maurizio Drocco <maurizio.drocco@ibm.com>\0" + "To\0ltp@lists.linux.it\0" "\00:1\0" "b\0" "On Mon, 2020-06-15 at 16:41 -0300, Bruno Meneguele wrote:\n" "> On Thu, May 28, 2020 at 06:05:27PM +0200, Petr Vorel wrote:\n" "> > Hi Mimi,\n" "> > ...\n" - "> > > > > With just this change, the ima_tpm.sh test is failing. \302\240I assume it is\n" + "> > > > > With just this change, the ima_tpm.sh test is failing. ?I assume it is\n" "> > > > > failing because it is reading the SHA1 TPM bank, not the SHA256 bank\n" "> > > > > to calculate the boot_aggregate hash.\n" "> > > > First question: is it correct to take sha256? Because on my test below it's\n" @@ -35,7 +27,7 @@ "> > > > What is needed to get your setup?\n" "> > \n" "> > > This isn't a configuration problem, but an issue of reading PCRs and\n" - "> > > calculating the TPM bank appropriate boot_aggregate. \302\240If you're\n" + "> > > calculating the TPM bank appropriate boot_aggregate. ?If you're\n" "> > > calculating a sha256 boot_aggregate, then the test needs to read and\n" "> > > calculate the boot_aggregate by reading the SHA256 TPM bank.\n" "> > OK, I tested it on TPM 1.2 (no TPM 2.0 available atm).\n" 
@@ -60,7 +52,7 @@ "\n" "As long as we're dealing with the \"boot_aggregate\", Maurizio just\n" "posted a kernel patch for including PCR 8 & 9 in the boot_aggregate.\n" - "\302\240The existing IMA LTP \"boot_aggregate\" test is going to need to\n" + "?The existing IMA LTP \"boot_aggregate\" test is going to need to\n" "support this change.\n" "\n" "I'd appreciate if someone could send me a TPM event log, the PCRs, and\n" @@ -77,8 +69,8 @@ "> > > > IMA I incline to just require evmctl.\n" "> > \n" "> > > Unlike TPM 1.2, the TPM 2.0 device driver doesn't export the TPM PCRs.\n" - "> > > \302\240Not only would you have a dependency on ima-evm-utils, but also on a\n" - "> > > userspace application(s) for reading the TPM PCRs. \302\240That dependency\n" + "> > > ?Not only would you have a dependency on ima-evm-utils, but also on a\n" + "> > > userspace application(s) for reading the TPM PCRs. ?That dependency\n" "> > > exists whether you're using evmctl to calculate the boot_aggregate or\n" "> > > doing it yourself.\n" "> > Hm, things get complicated.\n" @@ -96,13 +88,13 @@ "> TCG spec version being implemented by the hw TPM, in a sysfs standard\n" "> output.\n" "\n" - "That was only upstreamed in linux-v5.6. \302\240Has it been backported?\n" + "That was only upstreamed in linux-v5.6. ?Has it been backported?\n" "\n" "The PCRs are not exported for TPM 2.0, unfortunately, making\n" - "regression tests dependent on a userspace app. \302\240The existing LTP\n" + "regression tests dependent on a userspace app. ?The existing LTP\n" "ima_tpm.sh test looks for the PCRs in either\n" "/sys/class/tpm/tpm0/device/pcrs or /sys/class/misc/tpm0/device/pcrs.\n" - "\302\240Perhaps piggyback on the pseudo PCR file to test for TPM 1.2.\n" + "?Perhaps piggyback on the pseudo PCR file to test for TPM 1.2.\n" "\n" "> \n" "> > ...\n" 
@@ -130,15 +122,15 @@ "> > > [Cc'ing Vitaly]\n" "> > \n" "> > > The boot_aggregate.trs and boot_aggregate.log files are being created\n" - "> > > in the tests/ directory. \302\240Is that directory read-only?\n" + "> > > in the tests/ directory. ?Is that directory read-only?\n" "> > Yes, drwxr-xr-x. Testing on fresh clone and issue persists.\n" "> > \n" "> \n" "> Yes, same thing here.. but didn't really check the reason for that. Will\n" "> take a time later to see what's happening.\n" "\n" - "Thanks, much appreciated. \302\240I'm not seeing that here.\n" + "Thanks, much appreciated. ?I'm not seeing that here.\n" "\n" Mimi -5526320531f9a72057def36b02b58f88d4ddcdca008423eb335a31bab31783b2 +5607dba50acc07b99cf65ba3c983891d90db4a85751c2268d2045ebaa03d21bc
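Review bot: in the 1.txt hunks every changed line differs from its counterpart only by a "?" where the a/ copy has a space, either after a sentence-ending period ("failing. ?I assume") or at the start of a line ("?The existing IMA LTP"). The N1 body is therefore the same text with one character damaged, not a different reply. The content_digest hunks show the original bytes as \302\240, which is the UTF-8 encoding of a non-breaking space (U+00A0). Quote from the a/ copy, and if the N1 copy has to be used, restore the space rather than carrying the "?" into quoted text.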
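Review bot: the first content_digest hunk changes headers as well as the body, which matters for anyone threading or replying from the N1 copy. Subject goes from "Re: [LTP v2 1/1] ima_tpm.sh: Fix for calculating boot aggregate" to "[LTP] [LTP v2 1/1] ...", dropping the "Re:" marker. The To and Cc lists (Bruno Meneguele, Petr Vorel, linux-integrity@vger.kernel.org, Vitaly Chikunov, Maurizio Drocco and others) are replaced by a single To of ltp@lists.linux.it. Take the recipient list from the a/ copy. The From, Date and ref lines appear only as unchanged context, so both copies agree on sender, timestamp and thread references.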