On Thu, 2020-08-20 at 11:08 +0200, Petr Vorel wrote:
> @@ -63,4 +73,50 @@ test1()
> tst_res TPASS "specified keyrings were measured correctly"
> }
>
> +# Create a new keyring, import a certificate into it, and verify
> +# that the certificate is measured correctly by IMA.
> +test2()
> +{
> + tst_require_cmds evmctl keyctl openssl
> +
> + local cert_file="$TST_DATAROOT/x509_ima.der"
> + local keyring_name="key_import_test"
> + local temp_file="file.txt"
> +
> + tst_res TINFO "verify measurement of certificate imported into a keyring"
> +
> + if ! check_ima_policy_content "^measure.*func=KEY_CHECK.*keyrings=.*$keyring_name"; then
> + tst_brk TCONF "IMA policy does not contain $keyring_name keyring"
> + fi
> +
> + KEYRING_ID=$(keyctl newring $keyring_name @s) || \
> + tst_brk TBROK "unable to create a new keyring"
> +
> + if ! tst_is_num $KEYRING_ID; then
> + tst_brk TBROK "unable to parse the new keyring id ('$KEYRING_ID')"
> + fi
> +
Instead of using TST_DATAROOT, which is defined as "$LTPROOT/datafiles", use LTPROOT directly to define the path to the cert. Adding the following will allow the test to run from the build directory. if [ ! -f $cert_file ]; then cert_file="$LTPROOT/../datafiles/ima_keys/x509_ima.der" fi Mimi
> + evmctl import $cert_file $KEYRING_ID > /dev/null || \
> + tst_brk TBROK "unable to import a certificate into $keyring_name keyring"
> +