The IMA LTP and standalone tests supported a number of features
properly, but were not carried forward in ima-evm-utils. For example,
hard coding "fixing" file time of measure, time of use (ToMToU)
violations, rather than requiring the "--validate" command option.
Similarly, verifying the template data digest against the template data
should be optional ("--verify").
On some older systems, the Linux kernel header package does not include
"hash_info.h", which results in the crypto algorithm strings not being
defined. To address this problem, hash_info.gen defines a "heredoc" to
generate the "hash_info.h" file.
The remaining changes are simple bug fixes.
Mimi
Mimi Zohar (6):
ima-evm-utils: fix PCRAggr error message
ima-evm-utils: fix measurement violation checking
ima-evm-utils: don't hardcode validating the IMA measurement list
ima-evm-utils: calculate and verify the template data digest
ima-evm-utils: use uint32_t for template length
ima-evm-utils: define a basic hash_info.h file
src/Makefile.am | 2 +-
src/evmctl.c | 38 ++++++++++++++++++++++++++++----------
src/hash_info.gen | 43 +++++++++++++++++++++++++++++++++++++++++++
3 files changed, 72 insertions(+), 11 deletions(-)
--
2.7.5
