diff for duplicates of <20200615194134.GF129694@glitch> diff --git a/a/1.txt b/N1/1.txt index b396d62..5b1fae0 100644 --- a/a/1.txt +++ b/N1/1.txt @@ -1,7 +1,7 @@ On Thu, May 28, 2020 at 06:05:27PM +0200, Petr Vorel wrote: > Hi Mimi, > ... -> > > > With just this change, the ima_tpm.sh test is failing. I assume it is +> > > > With just this change, the ima_tpm.sh test is failing. ?I assume it is > > > > failing because it is reading the SHA1 TPM bank, not the SHA256 bank > > > > to calculate the boot_aggregate hash. > > > First question: is it correct to take sha256? Because on my test below it's @@ -14,7 +14,7 @@ On Thu, May 28, 2020 at 06:05:27PM +0200, Petr Vorel wrote: > > > What is needed to get your setup? > > > This isn't a configuration problem, but an issue of reading PCRs and -> > calculating the TPM bank appropriate boot_aggregate. If you're +> > calculating the TPM bank appropriate boot_aggregate. ?If you're > > calculating a sha256 boot_aggregate, then the test needs to read and > > calculate the boot_aggregate by reading the SHA256 TPM bank. > OK, I tested it on TPM 1.2 (no TPM 2.0 available atm). @@ -46,8 +46,8 @@ support for multiple banks? > > > IMA I incline to just require evmctl. > > > Unlike TPM 1.2, the TPM 2.0 device driver doesn't export the TPM PCRs. -> > Not only would you have a dependency on ima-evm-utils, but also on a -> > userspace application(s) for reading the TPM PCRs. That dependency +> > ?Not only would you have a dependency on ima-evm-utils, but also on a +> > userspace application(s) for reading the TPM PCRs. ?That dependency > > exists whether you're using evmctl to calculate the boot_aggregate or > > doing it yourself. > Hm, things get complicated. @@ -90,7 +90,7 @@ output. > > [Cc'ing Vitaly] > > > The boot_aggregate.trs and boot_aggregate.log files are being created -> > in the tests/ directory. Is that directory read-only? +> > in the tests/ directory. ?Is that directory read-only? > Yes, drwxr-xr-x. Testing on fresh clone and issue persists. > @@ -108,3 +108,10 @@ take a time later to see what's happening. -- bmeneg PGP Key: http://bmeneg.com/pubkey.txt +-------------- next part -------------- +A non-text attachment was scrubbed... +Name: signature.asc +Type: application/pgp-signature +Size: 488 bytes +Desc: not available +URL: <http://lists.linux.it/pipermail/ltp/attachments/20200615/c866967e/attachment-0001.sig> diff --git a/a/2.bin b/a/2.bin deleted file mode 100644 index 2339dcf..0000000 --- a/a/2.bin +++ /dev/null @@ -1,11 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQEzBAEBCAAdFiEEdWo6nTbnZdbDmXutYdRkFR+RokMFAl7nzu4ACgkQYdRkFR+R -okP2Awf/Yj/2ut8CsFMbdGyO2oBu7/lTyLb9qcbxjCI3wPZz3EBTSSo3DaQ11Qdo -8TMh5TFKWo0EcUS3NeGQZwMIVjnw9IFGoEFIHiB09C87ZMfUXoIEj5iq7X1+trg+ -QRc72GXd7FqEW0QmiE8+1A+weHAIZ5I46lmJ2lx5/LeX4kl2tasEfGK2PgxhnnRB -l3gttg8oap7W1Z/agjenDlJBIURBr6zz5L4AI88KT4QG8StXt6eKoug2upYear3+ -UBbNY7o2r2j4bLgDjAxFeEqFa63uZcdipPvfDKHCZLGAv2Qa+jcPurkOfR1aEG73 -a1BETIONQPLLvJhF5MYdUHKCfEE51Q== -=Ffrq ------END PGP SIGNATURE----- diff --git a/a/2.hdr b/a/2.hdr deleted file mode 100644 index 5e5352c..0000000 --- a/a/2.hdr +++ /dev/null @@ -1 +0,0 @@ -Content-Type: application/pgp-signature; name="signature.asc" diff --git a/a/content_digest b/N1/content_digest index 995f21d..f641dd6 100644 --- a/a/content_digest +++ b/N1/content_digest @@ -4,22 +4,15 @@ "ref\01590679145.4457.39.camel@linux.ibm.com\0" "ref\020200528160527.GA27243@dell5510\0" "From\0Bruno Meneguele <bmeneg@redhat.com>\0" - "Subject\0Re: [LTP v2 1/1] ima_tpm.sh: Fix for calculating boot aggregate\0" + "Subject\0[LTP] [LTP v2 1/1] ima_tpm.sh: Fix for calculating boot aggregate\0" "Date\0Mon, 15 Jun 2020 16:41:34 -0300\0" - "To\0Petr Vorel <pvorel@suse.cz>\0" - "Cc\0Mimi Zohar <zohar@linux.ibm.com>" - ltp@lists.linux.it - Mimi Zohar <zohar@linux.vnet.ibm.com> - Petr Cervinka <pcervinka@suse.com> - Cyril Hrubis <chrubis@suse.cz> - linux-integrity@vger.kernel.org - " Vitaly Chikunov <vt@altlinux.org>\0" - "\01:1\0" + "To\0ltp@lists.linux.it\0" + "\00:1\0" "b\0" "On Thu, May 28, 2020 at 06:05:27PM +0200, Petr Vorel wrote:\n" "> Hi Mimi,\n" "> ...\n" - "> > > > With just this change, the ima_tpm.sh test is failing. \302\240I assume it is\n" + "> > > > With just this change, the ima_tpm.sh test is failing. ?I assume it is\n" "> > > > failing because it is reading the SHA1 TPM bank, not the SHA256 bank\n" "> > > > to calculate the boot_aggregate hash.\n" "> > > First question: is it correct to take sha256? Because on my test below it's\n" @@ -32,7 +25,7 @@ "> > > What is needed to get your setup?\n" "> \n" "> > This isn't a configuration problem, but an issue of reading PCRs and\n" - "> > calculating the TPM bank appropriate boot_aggregate. \302\240If you're\n" + "> > calculating the TPM bank appropriate boot_aggregate. ?If you're\n" "> > calculating a sha256 boot_aggregate, then the test needs to read and\n" "> > calculate the boot_aggregate by reading the SHA256 TPM bank.\n" "> OK, I tested it on TPM 1.2 (no TPM 2.0 available atm).\n" @@ -64,8 +57,8 @@ "> > > IMA I incline to just require evmctl.\n" "> \n" "> > Unlike TPM 1.2, the TPM 2.0 device driver doesn't export the TPM PCRs.\n" - "> > \302\240Not only would you have a dependency on ima-evm-utils, but also on a\n" - "> > userspace application(s) for reading the TPM PCRs. \302\240That dependency\n" + "> > ?Not only would you have a dependency on ima-evm-utils, but also on a\n" + "> > userspace application(s) for reading the TPM PCRs. ?That dependency\n" "> > exists whether you're using evmctl to calculate the boot_aggregate or\n" "> > doing it yourself.\n" "> Hm, things get complicated.\n" @@ -108,7 +101,7 @@ "> > [Cc'ing Vitaly]\n" "> \n" "> > The boot_aggregate.trs and boot_aggregate.log files are being created\n" - "> > in the tests/ directory. \302\240Is that directory read-only?\n" + "> > in the tests/ directory. ?Is that directory read-only?\n" "> Yes, drwxr-xr-x. Testing on fresh clone and issue persists.\n" "> \n" "\n" @@ -125,20 +118,13 @@ "\n" "-- \n" "bmeneg \n" - PGP Key: http://bmeneg.com/pubkey.txt - "\01:2\0" - "fn\0signature.asc\0" - "b\0" - "-----BEGIN PGP SIGNATURE-----\n" - "\n" - "iQEzBAEBCAAdFiEEdWo6nTbnZdbDmXutYdRkFR+RokMFAl7nzu4ACgkQYdRkFR+R\n" - "okP2Awf/Yj/2ut8CsFMbdGyO2oBu7/lTyLb9qcbxjCI3wPZz3EBTSSo3DaQ11Qdo\n" - "8TMh5TFKWo0EcUS3NeGQZwMIVjnw9IFGoEFIHiB09C87ZMfUXoIEj5iq7X1+trg+\n" - "QRc72GXd7FqEW0QmiE8+1A+weHAIZ5I46lmJ2lx5/LeX4kl2tasEfGK2PgxhnnRB\n" - "l3gttg8oap7W1Z/agjenDlJBIURBr6zz5L4AI88KT4QG8StXt6eKoug2upYear3+\n" - "UBbNY7o2r2j4bLgDjAxFeEqFa63uZcdipPvfDKHCZLGAv2Qa+jcPurkOfR1aEG73\n" - "a1BETIONQPLLvJhF5MYdUHKCfEE51Q==\n" - "=Ffrq\n" - "-----END PGP SIGNATURE-----\n" + "PGP Key: http://bmeneg.com/pubkey.txt\n" + "-------------- next part --------------\n" + "A non-text attachment was scrubbed...\n" + "Name: signature.asc\n" + "Type: application/pgp-signature\n" + "Size: 488 bytes\n" + "Desc: not available\n" + URL: <http://lists.linux.it/pipermail/ltp/attachments/20200615/c866967e/attachment-0001.sig> -af2fce3d6614c277fe5d4b172932f92f09b675be0eb624075beb1668edc9f1cb +78a5049f08064ce99b7559e5836b046c78c629690e5da2e717884a4525329a9a
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.