Change since V1: - Add test results with LTP. - Rewrite patch 1's commit header. Here is the test result with LTP testcase ima_tpm.sh which is used to verify binary_bios_measurements. ima_tpm 1 TINFO: timeout per run is 0h 5m 0s ima_tpm 1 TINFO: /proc/cmdline: BOOT_IMAGE=/boot/vmlinuz-5.0.0-rc1+ root=UUID=c665e92c-736d-4b08-9143-a57396f935f3 ro rootwait crashkernel=auto console=tty0 console=ttyS0,115200 reboot=efi ima_hash=sha1 ima_tpm 1 TINFO: verify boot aggregate ima_tpm 1 TPASS: bios aggregate matches IMA boot aggregate ima_tpm 2 TINFO: verify PCR values ima_tpm 2 TINFO: evmctl version: evmctl 1.1 ima_tpm 2 TCONF: TPM Hardware Support not enabled in kernel or no TPM chip found Summary: passed 1 failed 0 skipped 1 warnings 0 Note: The 2nd test in ima_tpm requires /sys/class/tpm/tpm0/device/pcrs but this interface is not available if TPM2 device used. So the test result showed above is expected. Jia
