"evmctl ima_measurement" walks the IMA measurement list re-calculating
the TPM PCR banks.

- Support the original method of extending the TPM 2.0 banks with the
  padded SHA1 digest.
- Instead of reading the hardware or software TPM PCRs, support providing
  the TPM 1.2 PCRs as a file.
- Limit the number of messages being emitted while verifying the
  measurement list.
- Reading the TPM PCRs before walking the measurement list guarantees
  the measurement list contains all the records, maybe too many.
- Rename "--list" to "--verify-sig", and update the README.

Changelog v2:
- limit number of messages
- read PCRs before walking the measurement list
- and other miscellaneous cleanup

Mimi Zohar (8):
  ima-evm-utils: improve reading TPM 1.2 PCRs
  ima_evm_utils: support extending TPM 2.0 banks w/original SHA1 padded digest
  ima-evm-utils: support providing the TPM 1.2 PCRs as a file
  ima-evm-utils: emit "ima_measurement" messages based on log level
  ima-evm-utils: guarantee the measurement list contains all the records
  ima-evm-utils: the IMA measurement list may have too many measurements
  ima-evm-utils: optionally verify the template data file signature
  ima-evm-utils: update README to reflect "--pcrs", "--verify" and "--validate"

 README       |   6 ++-
 src/evmctl.c | 172 +++++++++++++++++++++++++++++++++++++++++++---------------
 2 files changed, 132 insertions(+), 46 deletions(-)

-- 
2.7.5
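
The replay described in the cover letter above, as an added Python illustration that is not code from this patch set or from evmctl: it extends a bank with zero-padded SHA1 template digests and shows why a PCR read taken before the walk can leave the list with extra records. The function names and the sample records are constructed, and the PCR is assumed to start as all zeros.

```python
import hashlib

def extend(pcr: bytes, template_digest: bytes, bank: str) -> bytes:
    """One TPM extend: new = H(old || digest). A SHA1 template digest is
    zero-padded to the bank's digest size (the padded-SHA1 method)."""
    size = hashlib.new(bank).digest_size
    return hashlib.new(bank, pcr + template_digest.ljust(size, b"\x00")).digest()

def replay(template_digests, pcr_read_first: bytes, bank: str):
    """Walk the list until the running value equals the PCR that was read
    before the walk. Returns (matched, records_used, records_left_over)."""
    pcr = bytes(hashlib.new(bank).digest_size)  # assumption: PCR starts as zeros
    for used, digest in enumerate(template_digests, start=1):
        pcr = extend(pcr, digest, bank)
        if pcr == pcr_read_first:
            return True, used, len(template_digests) - used
    return False, len(template_digests), 0

# Constructed sample: SHA1 template digests of five made-up records.
LOG = [hashlib.sha1(b"constructed-record-%d" % i).digest() for i in range(5)]

def pcr_after(n: int, bank: str) -> bytes:
    """Simulate the PCR value the TPM would hold after the first n records."""
    pcr = bytes(hashlib.new(bank).digest_size)
    for digest in LOG[:n]:
        pcr = extend(pcr, digest, bank)
    return pcr

if __name__ == "__main__":
    for bank in ("sha1", "sha256"):
        # PCR read when 3 records existed; 2 more were appended before the walk.
        print(bank, replay(LOG, pcr_after(3, bank), bank))
    tampered = [LOG[0], hashlib.sha1(b"altered").digest()] + LOG[2:]
    print("tampered", replay(tampered, pcr_after(3, "sha256"), "sha256"))
```

A match with records left over means the list grew after the PCRs were read; no match after the full walk means the list and the PCR disagree.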