Am 14.06.19 um 16:14 Uhr schrieb Petr Vorel:
+++ b/testcases/kernel/security/integrity/ima/tests/README.md @@ -0,0 +1,83 @@ +IMA + EVM testing +================= + +IMA tests +--------- + +`ima_measurements.sh` require builtin IMA tcb policy to be loaded +(`ima_policy=tcb` or `ima_policy=appraise_tcb` kernel parameter).This test requires "appraise_tcb" ("tcb" is not enough), as the errors only occur during appraisal.Are you sure? This is a note for ima_measurements.sh test (not for evm_overlay.sh). I require ima_policy=tcb here, according to Mimi [1]
Oh, sorry, you are correct - "tcb" is correct in this case. I got confused as the documentation is included in the overlayfs reproducer patch.
Ignaz
