diff for duplicates of <20200615200121.GG129694@glitch> diff --git a/a/1.txt b/N1/1.txt index 38815ca..55976d9 100644 --- a/a/1.txt +++ b/N1/1.txt @@ -2,7 +2,7 @@ On Mon, Jun 15, 2020 at 04:41:34PM -0300, Bruno Meneguele wrote: > On Thu, May 28, 2020 at 06:05:27PM +0200, Petr Vorel wrote: > > Hi Mimi, > > ... -> > > > > With just this change, the ima_tpm.sh test is failing. I assume it is +> > > > > With just this change, the ima_tpm.sh test is failing. ?I assume it is > > > > > failing because it is reading the SHA1 TPM bank, not the SHA256 bank > > > > > to calculate the boot_aggregate hash. > > > > First question: is it correct to take sha256? Because on my test below it's @@ -13,7 +13,7 @@ On Mon, Jun 15, 2020 at 04:41:34PM -0300, Bruno Meneguele wrote: > > > > b59fda449cf0 ("ima: Set again build_ima_appraise variable") (i.e. having all > > > > Robeto's ima patches, missing just last 2 commits from next-integrity head). > > > > What is needed to get your setup? > > > > > This isn't a configuration problem, but an issue of reading PCRs and -> > > calculating the TPM bank appropriate boot_aggregate. If you're +> > > calculating the TPM bank appropriate boot_aggregate. ?If you're > > > calculating a sha256 boot_aggregate, then the test needs to read and > > > calculate the boot_aggregate by reading the SHA256 TPM bank. > > OK, I tested it on TPM 1.2 (no TPM 2.0 available atm). @@ -45,8 +45,8 @@ On Mon, Jun 15, 2020 at 04:41:34PM -0300, Bruno Meneguele wrote: > > > > IMA I incline to just require evmctl. > > > > > Unlike TPM 1.2, the TPM 2.0 device driver doesn't export the TPM PCRs. -> > > Not only would you have a dependency on ima-evm-utils, but also on a -> > > userspace application(s) for reading the TPM PCRs. That dependency +> > > ?Not only would you have a dependency on ima-evm-utils, but also on a +> > > userspace application(s) for reading the TPM PCRs. ?That dependency > > > exists whether you're using evmctl to calculate the boot_aggregate or > > > doing it yourself. > > Hm, things get complicated. @@ -94,7 +94,7 @@ That's the issue :). > > > [Cc'ing Vitaly] > > > > > The boot_aggregate.trs and boot_aggregate.log files are being created -> > > in the tests/ directory. Is that directory read-only? +> > > in the tests/ directory. ?Is that directory read-only? > > Yes, drwxr-xr-x. Testing on fresh clone and issue persists. > > > @@ -118,3 +118,10 @@ That's the issue :). -- bmeneg PGP Key: http://bmeneg.com/pubkey.txt +-------------- next part -------------- +A non-text attachment was scrubbed... +Name: signature.asc +Type: application/pgp-signature +Size: 488 bytes +Desc: not available +URL: <http://lists.linux.it/pipermail/ltp/attachments/20200615/758b0375/attachment-0001.sig> diff --git a/a/2.bin b/a/2.bin deleted file mode 100644 index bb52cee..0000000 --- a/a/2.bin +++ /dev/null @@ -1,11 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQEzBAEBCAAdFiEEdWo6nTbnZdbDmXutYdRkFR+RokMFAl7n05EACgkQYdRkFR+R -okM3RAgAzscBmkyoWf16HvUXf7A4NIt1uUsC8w5emjZw50st8s1xZgKDCydvrFsc -XnwF9UH3Sh7+r/ZMHUZ1N7HeFqOgxitqC3XZEBQVq6Ph5wZv1PaT72Lhna5LLXEt -MgfYQovvM8GxbUv7wTDsK59vFc/1MOaygxwL6zwG0/bwg8IkKyptRlgrsrwEYUXM -Z2HVIXAvUff0FysXGPJnmVBcxpzQi0lTs4hd9fciy75Jf7bJQt3Dz9aOYmaZ8b5x -fG5w8xM7ZsW4kab6j1FWzFlsXiDrIBPoA8RZEIAiroBJWhwhs+bKDbCRWZWkq+Ei -Ih4AXYlcMT7VN8YKFep6XgFpW/dzXA== -=o6OR ------END PGP SIGNATURE----- diff --git a/a/2.hdr b/a/2.hdr deleted file mode 100644 index 5e5352c..0000000 --- a/a/2.hdr +++ /dev/null @@ -1 +0,0 @@ -Content-Type: application/pgp-signature; name="signature.asc" diff --git a/a/content_digest b/N1/content_digest index e38fa1a..3a67041 100644 --- a/a/content_digest +++ b/N1/content_digest @@ -5,23 +5,16 @@ "ref\020200528160527.GA27243@dell5510\0" "ref\020200615194134.GF129694@glitch\0" "From\0Bruno Meneguele <bmeneg@redhat.com>\0" - "Subject\0Re: [LTP v2 1/1] ima_tpm.sh: Fix for calculating boot aggregate\0" + "Subject\0[LTP] [LTP v2 1/1] ima_tpm.sh: Fix for calculating boot aggregate\0" "Date\0Mon, 15 Jun 2020 17:01:21 -0300\0" - "To\0Petr Vorel <pvorel@suse.cz>\0" - "Cc\0Mimi Zohar <zohar@linux.ibm.com>" - ltp@lists.linux.it - Mimi Zohar <zohar@linux.vnet.ibm.com> - Petr Cervinka <pcervinka@suse.com> - Cyril Hrubis <chrubis@suse.cz> - linux-integrity@vger.kernel.org - " Vitaly Chikunov <vt@altlinux.org>\0" - "\01:1\0" + "To\0ltp@lists.linux.it\0" + "\00:1\0" "b\0" "On Mon, Jun 15, 2020 at 04:41:34PM -0300, Bruno Meneguele wrote:\n" "> On Thu, May 28, 2020 at 06:05:27PM +0200, Petr Vorel wrote:\n" "> > Hi Mimi,\n" "> > ...\n" - "> > > > > With just this change, the ima_tpm.sh test is failing. \302\240I assume it is\n" + "> > > > > With just this change, the ima_tpm.sh test is failing. ?I assume it is\n" "> > > > > failing because it is reading the SHA1 TPM bank, not the SHA256 bank\n" "> > > > > to calculate the boot_aggregate hash.\n" "> > > > First question: is it correct to take sha256? Because on my test below it's\n" @@ -32,7 +25,7 @@ "> > > > b59fda449cf0 (\"ima: Set again build_ima_appraise variable\") (i.e. having all\n" "> > > > Robeto's ima patches, missing just last 2 commits from next-integrity head).\n" "> > > > What is needed to get your setup? > > > > > This isn't a configuration problem, but an issue of reading PCRs and\n" - "> > > calculating the TPM bank appropriate boot_aggregate. \302\240If you're\n" + "> > > calculating the TPM bank appropriate boot_aggregate. ?If you're\n" "> > > calculating a sha256 boot_aggregate, then the test needs to read and\n" "> > > calculate the boot_aggregate by reading the SHA256 TPM bank.\n" "> > OK, I tested it on TPM 1.2 (no TPM 2.0 available atm).\n" @@ -64,8 +57,8 @@ "> > > > IMA I incline to just require evmctl.\n" "> > \n" "> > > Unlike TPM 1.2, the TPM 2.0 device driver doesn't export the TPM PCRs.\n" - "> > > \302\240Not only would you have a dependency on ima-evm-utils, but also on a\n" - "> > > userspace application(s) for reading the TPM PCRs. \302\240That dependency\n" + "> > > ?Not only would you have a dependency on ima-evm-utils, but also on a\n" + "> > > userspace application(s) for reading the TPM PCRs. ?That dependency\n" "> > > exists whether you're using evmctl to calculate the boot_aggregate or\n" "> > > doing it yourself.\n" "> > Hm, things get complicated.\n" @@ -113,7 +106,7 @@ "> > > [Cc'ing Vitaly]\n" "> > \n" "> > > The boot_aggregate.trs and boot_aggregate.log files are being created\n" - "> > > in the tests/ directory. \302\240Is that directory read-only?\n" + "> > > in the tests/ directory. ?Is that directory read-only?\n" "> > Yes, drwxr-xr-x. Testing on fresh clone and issue persists.\n" "> > \n" "> \n" @@ -136,20 +129,13 @@ "\n" "-- \n" "bmeneg \n" - PGP Key: http://bmeneg.com/pubkey.txt - "\01:2\0" - "fn\0signature.asc\0" - "b\0" - "-----BEGIN PGP SIGNATURE-----\n" - "\n" - "iQEzBAEBCAAdFiEEdWo6nTbnZdbDmXutYdRkFR+RokMFAl7n05EACgkQYdRkFR+R\n" - "okM3RAgAzscBmkyoWf16HvUXf7A4NIt1uUsC8w5emjZw50st8s1xZgKDCydvrFsc\n" - "XnwF9UH3Sh7+r/ZMHUZ1N7HeFqOgxitqC3XZEBQVq6Ph5wZv1PaT72Lhna5LLXEt\n" - "MgfYQovvM8GxbUv7wTDsK59vFc/1MOaygxwL6zwG0/bwg8IkKyptRlgrsrwEYUXM\n" - "Z2HVIXAvUff0FysXGPJnmVBcxpzQi0lTs4hd9fciy75Jf7bJQt3Dz9aOYmaZ8b5x\n" - "fG5w8xM7ZsW4kab6j1FWzFlsXiDrIBPoA8RZEIAiroBJWhwhs+bKDbCRWZWkq+Ei\n" - "Ih4AXYlcMT7VN8YKFep6XgFpW/dzXA==\n" - "=o6OR\n" - "-----END PGP SIGNATURE-----\n" + "PGP Key: http://bmeneg.com/pubkey.txt\n" + "-------------- next part --------------\n" + "A non-text attachment was scrubbed...\n" + "Name: signature.asc\n" + "Type: application/pgp-signature\n" + "Size: 488 bytes\n" + "Desc: not available\n" + URL: <http://lists.linux.it/pipermail/ltp/attachments/20200615/758b0375/attachment-0001.sig> -9375d5fc0a16eff22f5f9a2046e52dbbd89187631b4a08d59659360f8e02c2d7 +c2d471b294bf740f5aa37fcee7703c6a4ddc3e74c15cae2dff0f02c85dfcbd12
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.