On Mon, 2018-01-22 at 09:53 -0500, Mimi Zohar wrote: > Before upgrading to the new OpenSSL 1.1 API, let's clean up the code > a bit and add some missing functionality: > - option to specify the pcr sysfs location > - verify the measurement list using multiple keys > - verify the measurement list using multiple pcrs > - verify a measurement signature against the measurement list digest > - for completeness, extend "ima_verify" to verify the local security.ima hash With James' "ima-evm-utils: Add backward compatible support for openssl 1.1" patch, which supports both OpenSSL 1.0 and 1.1, there is no rush for including all these changes now. For example instead of specifying the pcr sysfs location, a better solution would be for the TPM device driver to export this information. The next branch contains the proposed changes for ima-evm-utils version 1.1, which I'm hoping to release within the next day or so. thanks, Mimi
