On Thu, 2020-07-02 at 11:35 -0400, Lachlan Sneff wrote: > Add a testcase that verifies that kexec correctly passes > the IMA buffer through the soft reboot. > > This test must be run standalone, since it runs kexec. > > Signed-off-by: Lachlan Sneff <t-josne@xxxxxxxxxxxxxxxxxxx> Depending on the policy, the measurement list could be exactly the same from one boot to the next. This test simply checks that the first N number of measurements are the same. It doesn't verify that there are additional measurements, nor does it check that there is an additional "boot_aggregate" after the kexec. At minimum the test should verify the existence of multiple "boot_aggregate" values in the measurement list. A more complete test would walk the measurement list, re-calculating the PCR digests, and then compare the recalculated PCRS against the TPM PCRs. If all the measurements were properly carried across the kexec, the PCR digests should match. Mimi
